CVE-2017-5660

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-5660
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5660.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-5660
Downstream
Published
2018-02-27T20:29:00.403Z
Modified
2026-02-26T09:03:13.313627Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.

References

Affected packages

Git / github.com/apache/trafficserver

Affected ranges

Type
GIT
Repo
https://github.com/apache/trafficserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a57be23251358e6ac97442ebde3dae8d95d94846

Affected versions

3.*
3.1.2
3.1.3
3.3.0
3.3.1
4.*
4.1.0
4.2.0-rc0
6.*
6.2.0
6.2.0-rc0
6.2.0-rc1
6.2.0-rc2
6.2.0-rc3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5660.json"