CNNVD-202506-2560 Information
CNNVD ID
CNNVD-202506-2560
Related CVE
- CNNVD Published: 2025-06-19
Description (Chinese)
Apache Traffic Server(ATS)是美国阿帕奇(Apache)基金会的一套可扩展的HTTP代理和缓存服务器。 Apache Traffic Server(ATS) 10.0.0至10.0.6版本和9.0.0至9.2.10版本存在访问控制错误漏洞,该漏洞源于ACL配置未使用PROXY协议提供的IP地址。
Description (English)
Apache Traffic Server (ATS) is an extended HTTP proxy and cache server for the Apache Foundation in the United States. Appache Traffic Server (ATS) versions 10.0.0 to 10.0.6 and 9.0.0 to 9.2.10 have access control error loopholes, which stem from the fact that the ACL configuration does not use IP addresses provided by the PROXY protocol.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
阿帕奇
Published
2025-06-19
Last Modified
2026-02-24
References
https://nvd.nist.gov/vuln/detail/CVE-2025-31698 https://access.redhat.com/security/cve/cve-2025-31698 https://vigilance.fr/vulnerability/Apache-Traffic-Server-information-disclosure-via-PROXY-Protocol-47523
Patch
https://trafficserver.apache.org/downloads
Share on: