CVE-2022-37392: Apache Traffic Server: Improperly reading the client requests
First published: Mon Dec 19 2022(Updated: )
Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Traffic Server | >=8.0.0<8.1.6 | |
| Apache Traffic Server | >=9.0.0<9.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-37392?
CVE-2022-37392 is an Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. It affects versions 8.0.0 to 9.1.2.
What is the severity of CVE-2022-37392?
The severity of CVE-2022-37392 is medium, with a CVSSv3 score of 5.3.
How does CVE-2022-37392 impact Apache Traffic Server?
CVE-2022-37392 can potentially be exploited to bypass security controls and cause abnormal behavior in Apache Traffic Server.
Is there a fix available for CVE-2022-37392?
Yes, the fix for CVE-2022-37392 is to update Apache Traffic Server to version 9.1.4 or later.
Where can I find more information about CVE-2022-37392?
You can find more information about CVE-2022-37392 at the following reference link: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/title
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/apache
- canonical/apache traffic server
- version/apache traffic server/8.0.0
- version/apache traffic server/9.0.0