CVE-2017-5660
high-risk
Published 2018-02-27
Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior has a vulnerability in how it handles the Host header together with line folding. This can cause problems when ATS interacts with upstream proxies, including the wrong host being used.
Do I need to act?
2.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.6/10 · High · NETWORK / LOW complexity
Affected Products (10)
References (4)
Third Party Advisory
https://www.debian.org/security/2018/dsa-4128
51 / 100 · high-risk
Severity: 29/34 · Critical
Exploitability: 6/34 · Minimal
Exposure: 16/34 · Moderate