漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin
Vulnerability Description
ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Apache Traffic Server(ATS) 资源管理错误漏洞
Vulnerability Description
Apache Traffic Server(ATS)是美国阿帕奇(Apache)基金会的一套可扩展的HTTP代理和缓存服务器。 Apache Traffic Server(ATS) 10.0.0至10.0.5版本和9.0.0至9.2.10版本存在资源管理错误漏洞,该漏洞源于ESI插件未限制最大包含深度可能导致内存消耗过度。
CVSS Information
N/A
Vulnerability Type
N/A