CVE-2022-47185

7.5 HIGH

📋 TL;DR

This vulnerability stems from improper input validation in Apache Traffic Server's handling of the HTTP Range header. By sending specially crafted HTTP requests, attackers could cause a denial of service or potentially execute arbitrary code. All Apache Traffic Server deployments through version 9.2.1 are affected.

💻 Affected Systems

Products:
  • Apache Traffic Server
Versions: through 9.2.1
Operating Systems: All platforms running Apache Traffic Server
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using the vulnerable versions are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise and data exfiltration.

🟠 Likely Case: Denial of service causing service disruption and potential data corruption.

🟢 If Mitigated: Limited impact with proper input validation and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted HTTP requests with malicious range headers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.2.2 and later

Vendor Advisory: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc

Restart Required: Yes

Instructions:

1. Download Apache Traffic Server 9.2.2 or later from the official Apache website.
2. Stop the Traffic Server service.
3. Install the updated version.
4. Restart the Traffic Server service.

🔧 Temporary Workarounds

Input Validation Filter
  Platform: all
  Description: Implement custom input validation for range headers using Traffic Server plugins.
  Command: Requires custom plugin development - no standard command.

WAF Rule
  Platform: all
  Description: Deploy Web Application Firewall rules to block malicious range headers.
  Command: Depends on the specific WAF platform.

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to Traffic Server instances
  • Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Traffic Server version using 'traffic_server -V' or 'traffic_manager -V'

Check Version:

traffic_server -V

Verify Fix Applied:

Verify version is 9.2.2 or later using 'traffic_server -V'

📡 Detection & Monitoring

Log Indicators:

  • Unusual range header patterns in access logs
  • Multiple failed requests with malformed headers
  • Service restart patterns

Network Indicators:

  • HTTP requests with unusually formatted range headers
  • Multiple connection attempts to Traffic Server ports

SIEM Query:

source="traffic_server" AND http_header="range" AND (http_header_value MATCHES "[^0-9,-]" OR http_header_value CONTAINS "..")

Note: a well-formed Range value starts with a unit token (normally "bytes=") before the comma-separated byte ranges, so a character class of [^0-9,-] applied to the whole value will also match legitimate requests. Tune the pattern so it only flags values that do not fit the expected form bytes=<first>-<last>, bytes=<first>- or bytes=-<suffix>, and review match volume before alerting on it.
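As an added illustration (not part of this advisory or of the Apache Traffic Server project): a small log scan that applies the idea behind the SIEM query above, but checks each Range value against the RFC 7233 byte-range grammar so that legitimate "bytes=" values are not flagged. The log line format, the sample lines and the threshold of 16 range specs per request are assumptions.

```python
import re

# RFC 7233 byte-range-spec: "<first>-<last>", "<first>-" or "-<suffix>" (digits only).
_RANGE_SPEC = re.compile(r"^(\d+-\d*|-\d+)$")
# Assumed log layout (constructed for this example): ... range="<header value>"
_LOG_RANGE = re.compile(r'range="([^"]*)"')

def check_range_value(value, max_ranges=16):
    """Return findings for one Range header value; an empty list means it looks well-formed."""
    findings = []
    unit, sep, specs = value.strip().partition("=")
    if sep != "=" or unit.strip().lower() != "bytes":
        return ["unknown or missing range unit"]
    parts = [p.strip() for p in specs.split(",")]
    if len(parts) > max_ranges:  # assumed threshold for "unusual" multi-range requests
        findings.append(f"too many range specs ({len(parts)})")
    for part in parts:
        if not _RANGE_SPEC.match(part):
            findings.append(f"malformed range spec {part!r}")
            continue
        first, _, last = part.partition("-")
        if first and last and int(first) > int(last):
            findings.append(f"inverted range {part!r}")
    return findings

def scan_log(text):
    """Return (line_no, range_value, findings) for every log line with a suspicious Range value."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = _LOG_RANGE.search(line)
        if m:
            findings = check_range_value(m.group(1))
            if findings:
                hits.append((n, m.group(1), findings))
    return hits

# Constructed sample access log (not real Traffic Server output).
FLOOD = "bytes=" + ",".join(["0-1"] * 40)
SAMPLE_LOG = "\n".join([
    '10.0.0.5 "GET /video.mp4 HTTP/1.1" 206 range="bytes=0-1023"',
    '10.0.0.5 "GET /video.mp4 HTTP/1.1" 206 range="bytes=1024-"',
    '10.0.0.9 "GET /video.mp4 HTTP/1.1" 416 range="bytes=500-100"',
    f'10.0.0.9 "GET /video.mp4 HTTP/1.1" 400 range="{FLOOD}"',
    '10.0.0.7 "GET /a.bin HTTP/1.1" 400 range="bytes=-abc"',
    '10.0.0.7 "GET /a.bin HTTP/1.1" 400 range="items=0-5"',
])

if __name__ == "__main__":
    for line_no, value, findings in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {value[:40]!r}: {'; '.join(findings)}")
```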
