CVE-2017-7671
Severity: 7.5 HIGH (CVSS 3.1)
EPSS: 4.3%
Description
Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 contain a denial-of-service (DoS) vulnerability in the TLS handshake. This issue can cause the server to crash with a core dump.
How to fix CVE-2017-7671
To remediate CVE-2017-7671, upgrade the affected package to a fixed version below.
- Debian/trafficserver: upgrade to 7.1.2+ds-1 or later
Is CVE-2017-7671 being exploited?
Low — EPSS is 4.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 7.1.2+ds-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |