ID CVE-2014-3525
Summary Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
References
Vulnerable Configurations
  • Apache Software Foundation Traffic Server 2.0.0
    cpe:2.3:a:apache:traffic_server:2.0.0
  • Apache Software Foundation Traffic Server 2.0.0 alpha
    cpe:2.3:a:apache:traffic_server:2.0.0:alpha
  • Apache Software Foundation Traffic Server 2.0.1
    cpe:2.3:a:apache:traffic_server:2.0.1
  • Apache Software Foundation Traffic Server 2.1.0
    cpe:2.3:a:apache:traffic_server:2.1.0
  • Apache Software Foundation Traffic Server 2.1.1
    cpe:2.3:a:apache:traffic_server:2.1.1
  • Apache Software Foundation Traffic Server 2.1.2
    cpe:2.3:a:apache:traffic_server:2.1.2
  • Apache Software Foundation Traffic Server 2.1.3
    cpe:2.3:a:apache:traffic_server:2.1.3
  • Apache Software Foundation Traffic Server 2.1.4
    cpe:2.3:a:apache:traffic_server:2.1.4
  • Apache Software Foundation Traffic Server 2.1.5
    cpe:2.3:a:apache:traffic_server:2.1.5
  • Apache Software Foundation Traffic Server 2.1.6
    cpe:2.3:a:apache:traffic_server:2.1.6
  • Apache Software Foundation Traffic Server 2.1.7
    cpe:2.3:a:apache:traffic_server:2.1.7
  • Apache Software Foundation Traffic Server 2.1.8
    cpe:2.3:a:apache:traffic_server:2.1.8
  • Apache Software Foundation Traffic Server 2.1.9
    cpe:2.3:a:apache:traffic_server:2.1.9
  • Apache Software Foundation Traffic Server 3.0.0
    cpe:2.3:a:apache:traffic_server:3.0.0
  • Apache Software Foundation Traffic Server 3.0.1
    cpe:2.3:a:apache:traffic_server:3.0.1
  • Apache Software Foundation Traffic Server 3.0.2
    cpe:2.3:a:apache:traffic_server:3.0.2
  • Apache Software Foundation Traffic Server 3.0.3
    cpe:2.3:a:apache:traffic_server:3.0.3
  • Apache Software Foundation Traffic Server 3.0.4
    cpe:2.3:a:apache:traffic_server:3.0.4
  • Apache Software Foundation Traffic Server 3.1.0
    cpe:2.3:a:apache:traffic_server:3.1.0
  • Apache Software Foundation Traffic Server 3.1.1
    cpe:2.3:a:apache:traffic_server:3.1.1
  • Apache Software Foundation Traffic Server 3.1.2
    cpe:2.3:a:apache:traffic_server:3.1.2
  • Apache Software Foundation Traffic Server 3.1.3
    cpe:2.3:a:apache:traffic_server:3.1.3
  • Apache Software Foundation Traffic Server 3.1.4
    cpe:2.3:a:apache:traffic_server:3.1.4
  • Apache Software Foundation Traffic Server 3.2.0
    cpe:2.3:a:apache:traffic_server:3.2.0
  • Apache Software Foundation Traffic Server 3.3.0
    cpe:2.3:a:apache:traffic_server:3.3.0
  • Apache Software Foundation Traffic Server 3.3.1
    cpe:2.3:a:apache:traffic_server:3.3.1
  • Apache Software Foundation Traffic Server 3.3.2
    cpe:2.3:a:apache:traffic_server:3.3.2
  • Apache Software Foundation Traffic Server 3.3.3
    cpe:2.3:a:apache:traffic_server:3.3.3
  • Apache Software Foundation Traffic Server 3.3.4
    cpe:2.3:a:apache:traffic_server:3.3.4
  • Apache Software Foundation Traffic Server 3.3.5
    cpe:2.3:a:apache:traffic_server:3.3.5
  • Apache Software Foundation Traffic Server 4.0.1
    cpe:2.3:a:apache:traffic_server:4.0.1
  • Apache Software Foundation Traffic Server 4.1.0
    cpe:2.3:a:apache:traffic_server:4.1.0
  • Apache Software Foundation Traffic Server 4.2.0
    cpe:2.3:a:apache:traffic_server:4.2.0
  • Apache Software Foundation Traffic Server 4.2.1
    cpe:2.3:a:apache:traffic_server:4.2.1
  • Apache Software Foundation Traffic Server 5.0.0
    cpe:2.3:a:apache:traffic_server:5.0.0
CVSS
Base: 10.0 (as of 25-09-2014 - 11:04)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
refmap via4
mlist [trafficserver-users] 20140723 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2014-3525
secunia 60375
xf apache-traffic-cve20143525-unspecified(95495)
Last major update 04-10-2014 - 01:18
Published 22-08-2014 - 10:55
Last modified 28-08-2017 - 21:34
Back to Top