{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-9494", "ASSIGNER": "security@apache.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Apache Software Foundation", "product": { "product_data": [ { "product_name": "Apache Traffic Server", "version": { "version_data": [ { "version_value": "6.0.0 to 6.2.3" }, { "version_value": "7.0.0 to 7.1.10" }, { "version_value": "8.0.0 to 8.0.7" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "refsource": "CONFIRM", "name": "https://lists.apache.org/thread.html/rf7f86917f42fdaf904d99560cba0c016e03baea6244c47efeb60ecbe%40%3Cdev.trafficserver.apache.org%3E", "url": "https://lists.apache.org/thread.html/rf7f86917f42fdaf904d99560cba0c016e03baea6244c47efeb60ecbe%40%3Cdev.trafficserver.apache.org%3E" }, { "refsource": "DEBIAN", "name": "DSA-4710", "url": "https://www.debian.org/security/2020/dsa-4710" }, { "refsource": "MLIST", "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484", "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread." } ] } }