Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Traffic_server
(Apache)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 73 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-23 | CVE-2020-1944 | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | Traffic_server, Debian_linux | 9.8 | ||
| 2020-04-27 | CVE-2020-9481 | Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. | Traffic_server, Debian_linux | 7.5 | ||
| 2020-06-24 | CVE-2020-9494 | Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. | Traffic_server, Debian_linux | 7.5 | ||
| 2021-01-11 | CVE-2020-17508 | The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. | Traffic_server | 7.5 | ||
| 2021-01-11 | CVE-2020-17509 | ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. | Traffic_server | 7.5 | ||
| 2021-05-14 | CVE-2021-27737 | Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin. | Traffic_server | 7.5 | ||
| 2021-06-29 | CVE-2021-27577 | Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 | ||
| 2021-06-29 | CVE-2021-32565 | Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 | ||
| 2021-06-30 | CVE-2021-32566 | Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 | ||
| 2021-06-30 | CVE-2021-32567 | Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. | Traffic_server, Debian_linux | 7.5 |