CVE-2020-17509
CVSS 3.1: 7.5 (HIGH)
EPSS: 3.0%
Description
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.
How to fix CVE-2020-17509
To remediate CVE-2020-17509, upgrade the affected package to a fixed version below.
- Debian/trafficserver: upgrade to 8.1.1+ds-1 or later
Is CVE-2020-17509 being exploited?
Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 8.1.1+ds-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |