CVE-2017-7671
HIGHApache Traffic Server 5.2.0-5.3.2, 6.0.0-6.2.0, 7.0.0 - Denial of Service via TLS Handshake
Title source: llmDescription
There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump.
References (2)
Core 2
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4128
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/203bdcf9bbb718f3dc6f7aaf3e2af632474d51fa9e7bfb7832729905%40%3Cdev.trafficserver.apache.org%3E
Scores
CVSS v3
7.5
EPSS
0.0427
EPSS Percentile
89.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (3)
apache/traffic_server
7.0.0
apache/traffic_server
5.2.0 - 5.3.2
debian/debian_linux
9.0
Published
Feb 27, 2018
Tracked Since
Feb 18, 2026