CVE-2022-40743: Apache Traffic Server: Security issues with the xdebug plugin
First published: Mon Dec 19 2022(Updated: )
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Traffic Server | >=8.0.0<=8.1.5 | |
| Apache Traffic Server | >=9.0.0<=9.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-40743.
What is the severity of CVE-2022-40743?
CVE-2022-40743 has a severity rating of 6.1 (medium).
What is the affected software for CVE-2022-40743?
The affected software for CVE-2022-40743 is Apache Traffic Server version 9.0.0 to 9.1.3.
How can I fix CVE-2022-40743?
To fix CVE-2022-40743, users should upgrade to Apache Traffic Server version 9.1.4 or later.
What are the potential risks of CVE-2022-40743?
CVE-2022-40743 can lead to cross-site scripting (XSS) and cache poisoning attacks.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/description
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache traffic server
- version/apache traffic server/8.0.0
- version/apache traffic server/8.1.5
- version/apache traffic server/9.0.0
- version/apache traffic server/9.1.3