fkie_cve-2025-31698
Vulnerability from fkie_nvd
Published
2025-06-19 10:15
Modified
2025-07-01 20:14
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.  This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue.
References
security@apache.orghttps://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8Mailing List, Vendor Advisory
Impacted products
Vendor Product Version
apache traffic_server *
apache traffic_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB2F8C0-3B8A-4C21-8358-4718FB3ECA5C",
              "versionEndExcluding": "9.2.11",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF96465-2A06-4EC2-832C-36A094908691",
              "versionEndExcluding": "10.0.6",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.\n\nUsers can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol.\u00a0\nThis issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10.\n\nUsers are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue."
    },
    {
      "lang": "es",
      "value": "La ACL configurada en ip_allow.config o remap.config no utiliza las direcciones IP proporcionadas por el protocolo PROXY. Los usuarios pueden usar una nueva configuraci\u00f3n (proxy.config.acl.subjects) para elegir las direcciones IP que se usar\u00e1n para la ACL si Apache Traffic Server est\u00e1 configurado para aceptar el protocolo PROXY. Este problema afecta a las versiones undefined: de la 10.0.0 a la 10.0.6 y de la 9.0.0 a la 9.2.10. Se recomienda actualizar a la versi\u00f3n 9.2.11 o 10.0.6, que soluciona el problema."
    }
  ],
  "id": "CVE-2025-31698",
  "lastModified": "2025-07-01T20:14:42.687",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-19T10:15:20.980",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.