Lucene search
+L

10 matches found

OSV
OSV
added 2025/07/25 1:17 p.m.3 views

OESA-2025-1904 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Apache Traffic Server ATS is a set of scalable HTTP proxy and caching servers from the Apache Foundation in the United States. Apache Traffic Server ATS versions...

7.5CVSS7AI score0.00632EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/06/27 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2025-ed452354bb)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.00632EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/06/25 12:0 a.m.4 views

Debian: Security Advisory (DSA-5948-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.00632EPSS
Exploits0References2
Imperva Blog
Imperva Blog
added 2025/06/20 5:10 p.m.9 views

CVE-2025-49763 – Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin

Remote attackers can trigger an avalanche of internal ESI requests, exhausting memory and causing denial-of-service in Apache Traffic Server. Executive Summary Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability CVSS v3.1 estimated score: 7.5 in Apache Traff...

7.5CVSS8.1AI score0.00632EPSS
Exploits0
NVD
NVD
added 2025/06/19 10:15 a.m.6 views

CVE-2025-49763

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin --max-inclusion-depth to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5,...

7.5CVSS0.00632EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/06/19 10:15 a.m.6 views

CVE-2025-49763

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin --max-inclusion-depth to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5,...

7.5CVSS5.8AI score0.00632EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/06/19 10:7 a.m.10 views

CVE-2025-49763

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin --max-inclusion-depth to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5,...

7.5CVSS5.3AI score0.00632EPSS
Exploits0
CVE
CVE
added 2025/06/19 10:7 a.m.81 views

CVE-2025-49763

CVE-2025-49763 affects Apache Traffic Server via the ESI plugin. The vulnerability arises when ESI requests stack with no limit on inclusion depth, allowing memory exhaustion and potential DoS on ATS nodes. Affected versions are ATS 10.0.0–10.0.5 and 9.0.0–9.2.10. Remediation is to upgrade to 9.2...

7.5CVSS6.5AI score0.00632EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/06/19 10:7 a.m.19 views

CVE-2025-49763 Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin --max-inclusion-depth to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5,...

0.00632EPSS
Exploits0References1
OSV
OSV
added 2025/06/19 10:7 a.m.5 views

CVE-2025-49763 Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin --max-inclusion-depth to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5,...

7.5CVSS6AI score0.00632EPSS
Exploits0References3
Rows per page
Query Builder