Product:

Traffic_server

(Apache)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 56
Date Id Summary Products Score Patch Annotated
2022-08-10 CVE-2021-37150 Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Traffic_server, Debian_linux, Fedora 7.5
2022-08-10 CVE-2022-28129 Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Traffic_server, Debian_linux, Fedora 7.5
2022-08-10 CVE-2022-31780 Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Traffic_server, Debian_linux, Fedora 7.5
2019-08-13 CVE-2019-9517 Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both. Http_server, Traffic_server, Swiftnio, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, Clustered_data_ontap, Node\.js, Leap, Communications_element_manager, Graalvm, Instantis_enterprisetrack, Retail_xstore_point_of_service, Enterprise_linux, Jboss_core_services, Jboss_enterprise_application_platform, Openshift_service_mesh, Quay, Software_collections, Diskstation_manager, Skynas, Vs960hd_firmware 7.5
2022-12-19 CVE-2022-40743 Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions. Traffic_server 6.1
2022-12-19 CVE-2022-32749 Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. Traffic_server 7.5
2022-12-19 CVE-2022-37392 Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Traffic_server 5.3
2022-08-10 CVE-2022-25763 Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Traffic_server, Debian_linux, Fedora 7.5
2022-08-10 CVE-2022-31779 Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Traffic_server, Debian_linux, Fedora 7.5
2022-08-10 CVE-2022-31778 Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2. Traffic_server, Debian_linux 7.5