CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.
Configurations

Configuration 1

cpe:2.3:a:apache:traffic_server:5.3.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:28

Type: References
  • Removed: http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g%40mail.gmail.com%3E
  • Added: http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g%40mail.gmail.com%3E

Type: References
  • Removed: http://www.securityfocus.com/bid/101631 - Third Party Advisory, VDB Entry
  • Added: http://www.securityfocus.com/bid/101631 - Third Party Advisory, VDB Entry

Type: References
  • Removed: https://yahoo-security.tumblr.com/post/122883273670/apache-traffic-server-http2-fuzzing - Issue Tracking, Third Party Advisory
  • Added: https://yahoo-security.tumblr.com/post/122883273670/apache-traffic-server-http2-fuzzing - Issue Tracking, Third Party Advisory

07 Nov 2023, 02:25

Type: References
  • Removed: [www-announce] 20150704 [ANNOUNCE] Apache Traffic Server 5.3.1 is released! (MLIST) http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g@mail.gmail.com%3E - Issue Tracking, Third Party Advisory
  • Added: http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g%40mail.gmail.com%3E

Information

Published : 2017-10-30 14:29

Updated : 2024-11-21 02:28


NVD link : CVE-2015-3249

Mitre link : CVE-2015-3249

CVE.ORG link : CVE-2015-3249


Products Affected

apache

  • traffic_server
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer