CVE-2023-30631
Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions
We have discovered 598 live websites that are affected by CVE-2023-30631.
Affected Software
| Product |  ATS |
| Category | Web Servers |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 41 |
| Vulnerable Domains | 598 live websites (35.57% of ATS install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-30631 and the relative popularity of websitesDetails
- Published - Jun 14, 2023
- Updated - Jun 14, 2023
Credits
- Chris Lemmons (finder)
CWE
CVE References
CWE References
Countries
 United States | 289 websites |
 Germany | 200 websites |
 Italy | 31 websites |
 GB | 18 websites |
 France | 15 websites |
 Finland | 11 websites |
 Russia | 10 websites |
 Netherlands | 7 websites |
 Japan | 4 websites |
 Belgium | 3 websites |
TLDs
| .org | 278 websites |
| .info | 91 websites |
| .com | 53 websites |
| .it | 21 websites |
| .de | 19 websites |
| .ru | 10 websites |
| .fi | 9 websites |
| .net | 4 websites |
| .nl | 3 websites |
| .edu | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-30631 through included software libraries and plugins.References
- https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
- https://www.debian.org/security/2023/dsa-5435
- https://lists.fedoraproject.org/archives/list/[email protected]/message/6GDCBNFDDW6ULW7CACJCPENI7BVDHM5O/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/FGWXNAEEVRUZ5JG4EJAIIFC3CI7LFETV/
- https://lists.debian.org/debian-lts-announce/2023/06/msg00037.html
Websites affected by CVE-2023-30631
Top websites that are affected by CVE-2023-30631. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **.*********.org | United States | ** | |
| *******.*********.org | United States | *** | |
| ***.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*.*********.org | United States | *,*** | |
| ****.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** |