CVE-2010-2952

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:2.1.0:*:*:*:*:*:*:*

Information

Published : 2010-09-13 14:00

Updated : 2018-10-10 13:00


NVD link : CVE-2010-2952

Mitre link : CVE-2010-2952


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

apache

  • traffic_server