CVE-2023-39456


Apache Traffic Server: Malformed http/2 frames can cause an abort

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.


We have discovered 560 live websites that are affected by CVE-2023-39456.

Contact us to get more info



Affected Software

Product  ATS
Category Web Servers
Vulnerable Versions
  • from 9 through 9.2.2
Total Vulnerable Versions41
Vulnerable Domains560 live websites (33.31% of ATS install base)


Common Weakness Enumeration


CWE-20 Improper Input Validation



Details

  • Published - Oct 17, 2023
  • Updated - Oct 17, 2023

Credits

  • Akshat Parikh (finder)





Countries

United States273 websites


Germany198 websites
GB46 websites
Italy31 websites
Japan4 websites
Belgium3 websites
Netherlands2 websites
Estonia1 websites
Finland1 websites
Hong Kong1 websites

TLDs

.org282 websites
.info91 websites
.com28 websites
.it25 websites
.de17 websites
.org.uk12 websites
.net6 websites
.jp2 websites
.co.jp1 websites
.eu1 websites

Vulnerable Versions

Vulnerable versions are highlighted in red


References


Websites affected by CVE-2023-39456

Top websites that are affected by CVE-2023-39456. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
**.*********.org United States**
*******.*********.org United States***
***.*********.org United States*,***
**.*********.org United States*,***
**.*********.org United States*,***
**.*.*********.org United States*,***
****.*********.org United States*,***
**.*********.org United States*,***
**.*********.org United States*,***
**.*********.org United States*,***
See full domain list