{"id":"CVE-2020-17509","details":"ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.","modified":"2026-03-14T10:19:30.455224Z","published":"2021-01-11T10:15:13.407Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/trafficserver","events":[{"introduced":"27f8e2cda9133864e6ffae0224c799fde5f10290"},{"last_affected":"eaed59510bda6f1d27854d9d3f07aace2afffc16"},{"introduced":"6c1c6cf20e7d0e287d697a0f4181436013d17c30"},{"last_affected":"439a7cfcb70dcb92485dd6989af80d9f900d1f99"},{"introduced":"b310e3566f58dd04ec2b15b111ec86ea70e20019"},{"last_affected":"ac05db1ca58e990e0d2c49b57e5b6364df71dabc"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"last_affected":"6.2.3"},{"introduced":"7.0.0"},{"last_affected":"7.1.10"},{"introduced":"8.0.0"},{"last_affected":"8.0.7"}]}}],"versions":["8.0.0","8.0.0-rc4","8.0.1","8.0.1-rc0","8.0.2","8.0.2-rc0","8.0.3","8.0.3-rc0","8.0.4","8.0.4-rc0","8.0.5","8.0.6","8.0.6-rc0","8.0.6-rc1","8.0.7","8.0.7-rc0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17509.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}