CVE-2023-30631
Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't workImproper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0.
8.x users should upgrade to 8.1.7 or later versions
9.x users should upgrade to 9.2.1 or later versions
We have discovered 598 live websites that are affected by CVE-2023-30631.
Contact us to get more info
Affected Software
| |
---|
Product | ATS |
Category | Web Servers |
Vulnerable Versions | |
Total Vulnerable Versions | 41 |
Vulnerable Domains | 598 live websites (35.57% of ATS install base) |
Common Weakness Enumeration
CWE-20 Improper Input Validation
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-30631 and the relative popularity of websites