CVE-2015-5168 - Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5

CVE-2015-5168

Summary

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.

References

http://mail-archives.us.apache.org/mod_mbox/www-announce/201509.mbox/%3CCABF6JR2j5vesvnjbm6sDPB_zAGj3kNgzzHEpLUh6dWG6t8mC2w@mail.gmail.com%3E

Vulnerable Configurations

cpe:2.3:a:apache:traffic_server:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:5.3.1:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 21-09-2017 - 18:40)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

mlist

[www-announce] 20150914 [ANNOUNCE] Apache Traffic Server 5.3.2 is released!

Last major update

21-09-2017 - 18:40

Published

13-09-2017 - 16:29

Last modified

21-09-2017 - 18:40