CVE-2023-41752
Apache Traffic Server: s3_auth plugin problem with hash calculation
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
We have discovered 651 live websites that are affected by CVE-2023-41752.
Affected Software
| Product |  ATS |
| Category | Web Servers |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 41 |
| Vulnerable Domains | 651 live websites (38.73% of ATS install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-41752 and the relative popularity of websitesDetails
- Published - Oct 17, 2023
- Updated - Oct 17, 2023
Credits
- Masakazu Kitajo (finder)
CWE
CVE References
CWE References
Countries
 United States | 289 websites |
 Germany | 200 websites |
 Italy | 58 websites |
 GB | 50 websites |
 Finland | 11 websites |
 France | 11 websites |
 Russia | 10 websites |
 Netherlands | 7 websites |
 Japan | 4 websites |
 Belgium | 3 websites |
TLDs
| .org | 292 websites |
| .info | 91 websites |
| .com | 60 websites |
| .it | 43 websites |
| .de | 17 websites |
| .org.uk | 12 websites |
| .ru | 10 websites |
| .fi | 9 websites |
| .net | 6 websites |
| .nl | 3 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2023-41752 through included software libraries and plugins.References
- https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
- https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
- https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
- https://www.debian.org/security/2023/dsa-5549
Websites affected by CVE-2023-41752
Top websites that are affected by CVE-2023-41752. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **.*********.org | United States | ** | |
| *******.*********.org | United States | *** | |
| ***.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*.*********.org | United States | *,*** | |
| ****.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** |