trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan-Frode Myklebust <>
Subject Re: [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2014-3525
Date Thu, 24 Jul 2014 09:10:45 GMT
On Wed, Jul 23, 2014 at 08:26:39AM -0700, Bryan Call wrote:
> Below is our announcement for the security issue reported to us from 
> Yahoo! Japan.  All versions of Apache Traffic Server are  vulnerable.

Is there any information available about this problem, so that we can make
a judgement on criticality of the upgrade? Any reason to believe a
properly firewalled trafficserver (only incoming 80/tcp and 443/tcp allowed)
should be remotely exploitable?



View raw message