CVE-2022-40743
Publication date 19 December 2022
Last updated 26 August 2025
Ubuntu priority
Description
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| trafficserver | 26.04 LTS resolute | Not in release |
| 25.10 questing |
Not affected
|
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial | Ignored end of standard support | |
| 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
6.1 · Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
Other references
- https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02
- https://github.com/apache/trafficserver/commit/eb5efe19e68e51db58a6320b4a99e3fc83336a14 (master)
- https://github.com/apache/trafficserver/commit/20c857a785da93fa0e3263597207b5ef35b65b7c (v9.1.x)
- https://www.cve.org/CVERecord?id=CVE-2022-40743