QwikSec

Security Database

CVE

CWE

Training

CVE-2023-30631

Published: Jun 14, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

Vendor	Product	Versions
Apache Software Foundation	Apache Traffic Server	affected `8.0.0 - <= 9.2.0`

Weaknesses (CWE)

References

https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs

vendor-advisory

https://www.debian.org/security/2023/dsa-5435

https://lists.fedoraproject.org/archives/list/[email protected]/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O/

https://lists.fedoraproject.org/archives/list/[email protected]/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV/

https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.