Apache Traffic Server 5.2.0 - 5.3.2 / 6.x < 6.2.2 / 7.x < 7.1.2 TLS Handshake DoS

High Nessus Plugin ID 107228


The remote caching server is affected by an input-validation vulnerability.


According to its banner, the version of Apache Traffic Server running on the remote host is between 5.2.0 and 5.3.2, 6.x prior to 6.2.2 or 7.x prior to 7.1.2. It is, therefore, affected by a flaw related to handling TLS handshakes that allows a remote attacker to crash the application.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Upgrade to Apache Traffic Server version 6.2.2, 7.1.2 or later.

See Also


Plugin Details

Severity: High

ID: 107228

File Name: apache_traffic_server_712_tls_handshake.nasl

Version: 1.2

Type: remote

Family: Web Servers

Published: 2018/03/08

Updated: 2018/08/09

Dependencies: 87242, 58592

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/a:apache:traffic_server

Required KB Items: www/apache_traffic_server

Patch Publication Date: 2018/02/27

Vulnerability Publication Date: 2018/02/27

Reference Information

CVE: CVE-2017-7671