漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Traffic Server 安全漏洞
Vulnerability Description
Apache Traffic Server(ATS)是美国阿帕奇(Apache)软件基金会的一款高效、可扩展的HTTP代理和缓存服务器。 Apache ATS 6.0.0版本至6.2.2版本和7.0.0版本至7.1.3版本中存在安全漏洞,该漏洞源于使用ESI插件渲染的页面可以访问cookie包头,即使该插件被配置为不允许访问。攻击者可利用该漏洞绕过安全限制,执行未授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A