Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Traffic_server
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 64 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-29 | CVE-2021-27577 | Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 | ||
| 2021-06-29 | CVE-2021-32565 | Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 | ||
| 2021-06-30 | CVE-2021-32566 | Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 | ||
| 2021-06-30 | CVE-2021-32567 | Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 | ||
| 2021-06-30 | CVE-2021-35474 | Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 9.8 | ||
| 2020-06-24 | CVE-2020-9494 | Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. | Traffic_server, Debian_linux | 7.5 | ||
| 2021-01-11 | CVE-2020-17508 | The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. | Traffic_server | 7.5 | ||
| 2021-01-11 | CVE-2020-17509 | ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. | Traffic_server | 7.5 | ||
| 2017-04-17 | CVE-2017-5659 | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | Traffic_server | 7.5 | ||
| 2017-04-17 | CVE-2016-5396 | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | Traffic_server | 7.5 |