Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Traffic Server Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2014-3624

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

9.8CVSS

6.3AI Score

0.003EPSS

2017-10-30 02:29 PM
46
cve
cve

CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.

9.8CVSS

9.8AI Score

0.055EPSS

2017-10-30 02:29 PM
34
cve
cve

CVE-2015-5168

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.

9.8CVSS

9.3AI Score

0.002EPSS

2017-09-13 04:29 PM
38
cve
cve

CVE-2015-5206

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.

9.8CVSS

9.3AI Score

0.002EPSS

2017-09-13 04:29 PM
32
cve
cve

CVE-2019-17559

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

9.8CVSS

9.2AI Score

0.002EPSS

2020-03-23 10:15 PM
77
cve
cve

CVE-2019-17565

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

9.8CVSS

9.2AI Score

0.002EPSS

2020-03-23 10:15 PM
61
cve
cve

CVE-2020-1944

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

9.8CVSS

9.2AI Score

0.002EPSS

2020-03-23 10:15 PM
78
cve
cve

CVE-2021-35474

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

9.8CVSS

9.3AI Score

0.003EPSS

2021-06-30 08:15 AM
66
7
cve
cve

CVE-2021-43082

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.

9.8CVSS

9.2AI Score

0.003EPSS

2021-11-03 04:15 PM
51
cve
cve

CVE-2023-33934

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.

9.1CVSS

9AI Score

0.006EPSS

2023-08-09 07:15 AM
53