QwikSec

Security Database

CVE

CWE

Training

CVE-2023-41752

Published: Oct 17, 2023

Modified: Jun 12, 2025

PUBLISHED

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Traffic Server	affected `8.0.0 - <= 8.1.8` affected `9.0.0 - <= 9.2.2`

Weaknesses (CWE)

References

https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q

vendor-advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/

https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/

https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html

https://www.debian.org/security/2023/dsa-5549

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.