CVE-2010-2952

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:traffic_server:2.1.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-09-13 21:00

Updated : 2024-02-28 11:41


NVD link : CVE-2010-2952

Mitre link : CVE-2010-2952

CVE.ORG link : CVE-2010-2952


JSON object : View

Products Affected

apache

  • traffic_server
CWE
CWE-20

Improper Input Validation