QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3249

Published: Oct 30, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://yahoo-security.tumblr.com/post/122883273670/apache-traffic-server-http2-fuzzing

x_refsource_MISC

[www-announce] 20150704 [ANNOUNCE] Apache Traffic Server 5.3.1 is released!

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.