Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Traffic_server
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 73 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-08-29 | CVE-2018-8005 | When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | Traffic_server, Debian_linux | 5.3 | ||
| 2018-08-29 | CVE-2018-8022 | A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions. | Traffic_server | 7.5 | ||
| 2018-08-29 | CVE-2018-8040 | Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. | Traffic_server, Debian_linux | 5.3 | ||
| 2019-03-07 | CVE-2018-11783 | sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. | Traffic_server | 7.5 | ||
| 2019-08-13 | CVE-2019-9512 | Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | Traffic_server, Swiftnio, Debian_linux, Node\.js | 7.5 | ||
| 2019-10-22 | CVE-2019-10079 | Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions. | Traffic_server | 7.5 | ||
| 2020-03-23 | CVE-2019-17559 | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | Traffic_server, Debian_linux | 9.8 | ||
| 2020-03-23 | CVE-2019-17565 | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | Traffic_server, Debian_linux | 9.8 | ||
| 2017-04-17 | CVE-2017-5659 | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | Traffic_server | 7.5 | ||
| 2017-04-17 | CVE-2016-5396 | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | Traffic_server | 7.5 |