Traffic Server
CVE-2014-3624
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
AnalysisAI
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-284. Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. Affected products include: Apache Traffic Server. Version information: before 5.1.1.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Traffic Server
View allThe HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unkno
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unkn
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown imp
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Ap
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling at
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.2.1. Rated critical severity
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.0.0 th
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle a
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked enco
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. Rated high severity (CVSS 7.5), this vulnerab
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today