CVE-2017-5660
trafficserver - security update
CVSS 3.1: 8.6 (HIGH)
EPSS: 2.6%
Description
Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior contains a vulnerability in how it handles the Host header together with line folding. This can cause problems when ATS interacts with upstream proxies and can result in the wrong host being used.
How to fix CVE-2017-5660
To remediate CVE-2017-5660, upgrade the affected package to a fixed version below.
- Debian/trafficserver—upgrade to 7.1.2+ds-1 or later
- —upgrade to 7.0.0-6+deb9u1 or later
Is CVE-2017-5660 being exploited?
Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 7.1.2+ds-1
- from 0, < 7.0.0-6+deb9u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N |