65 matches found
Integer Overflow lead to DOS in handling Accept-Encoding header in API /v2/models/<model-name>/generate
This report is not public...
EUVD-2003-0833
Malware in sbrugna...
EUVD-2018-0581
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-35296
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: fro...
SUSE CVE-2025-0725
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...
DEBIAN-CVE-2025-0725
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...
AZL-56504 CVE-2025-0725 affecting package curl for versions less than 8.11.1-3
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow...
Debian dla-3897 : trafficserver - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3897 advisory. - Debian LTS Advisory DLA-3897-1...
Windows IIS HTTP Protocol Stack Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...
Incorrect Input Validation
Apache Traffic Server is vulnerable to Incorrect Input Validation. The vulnerability is caused by an invalid Accept-Encoding header. This can cause cache lookups to fail and force forwarding of requests...
OESA-2024-1981 trafficserver security update
Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from...
The vulnerability of the Apache Traffic Server web server, related to insufficient input validation, allows attackers to execute arbitrary requests.
The vulnerability of the Apache Traffic Server web server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary requests using the HTTP Accept-Encoding header...
Apache Traffic Server 8.x < 8.1.11 / 9.x < 9.2.5 Multiple Vulnerabilities
According to its self-reported version, the remote Apache Traffic Server install is affected by multiple vulnerabilities. - Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the...
DEBIAN-CVE-2024-35296
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
UBUNTU-CVE-2024-35296
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
CVE-2024-35296 Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
CVE-2024-35296
Apache Traffic Server (versions 8.0.0–8.1.10 and 9.0.0–9.2.4) is affected by CVE-2024-35296 due to incorrect handling of the Accept-Encoding header, which can cause cache lookups to fail and lead to forwarding requests. The issue is resolved by upgrading to 8.1.11 or 9.2.5. Certified advisories f...
CVE-2024-35296
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
CVE-2024-35296 Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue...
PT-2024-5532 · Apache · Apache Traffic Server
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.10 Apache Traffic Server versions 9.0.0 through 9.2.4 Description: The issue is related to insufficient input validation, allowing a remote attacker to execute arbitrary requests using the HTTP...