Apache Traffic Server 8.x9.x Input Validation Flaw in push_method_enabled
CVE-2023-30631 Published on June 14, 2023
Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.
8.x users should upgrade to 8.1.7 or later versions
9.x users should upgrade to 9.2.1 or later versions
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2023-30631
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-30631 are published in these products:
Affected Versions
Apache Software Foundation Apache Traffic Server:- Version 8.0.0, <= 9.2.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.