CVE-2020-9494

Summary

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Traffic Server6.0.0 to 6.2.3affected
Apache Software FoundationApache Traffic Server7.0.0 to 7.1.10affected
Apache Software FoundationApache Traffic Server8.0.0 to 8.0.7affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References