Lucene search
K
ApacheTraffic Server

82 matches found

CVE
CVE
added 2018/08/29 1:0 p.m.78 views

CVE-2018-8005

CVE-2018-8005 affects Apache Traffic Server (ATS). When a range request contains multiple ranges, ATS reads the entire object from cache, causing potential performance degradation for large cached objects. Affected versions are 6.0.0–6.2.2 and 7.0.0–7.1.3. Mitigation: upgrade to 6.2.3 or later fo...

5.3CVSS6AI score0.06895EPSS
CVE
CVE
added 2022/08/10 12:0 a.m.78 views

CVE-2022-28129

Apache Traffic Server versions 8.0.0–9.1.2 are affected by CVE-2022-28129 due to improper input validation in HTTP/1.1 header parsing, allowing an attacker to send invalid headers. Fedora advisories indicate upgrades to 9.1.3 (and 8.0.2+ds-1+deb10u7 for Debian) to fix the issue. CVSSv3 base score...

7.5CVSS7.3AI score0.01849EPSS
CVE
CVE
added 2024/11/14 9:55 a.m.78 views

CVE-2024-50306

CVE-2024-50306 affects Apache Traffic Server. An unchecked return value can allow the process to retain privileges on startup, enabling a potential privilege escalation. Affected versions: 9.2.0–9.2.5 and 10.0.0–10.0.1. The issue is mitigated by upgrading to 9.2.6 or 10.0.2, which contain the fix...

9.1CVSS9.2AI score0.0158EPSS
CVE
CVE
added 2023/06/14 7:44 a.m.77 views

CVE-2023-33933

Apache Traffic Server (OSS reverse/forward proxy) is affected by CVE-2023-33933, impacting versions 8.0.0 through 9.2.0. The issue is described as Exposure of Sensitive Information to an Unauthorized Actor, with impact confined to confidentiality (C: High, I: None, A: None) and no user interactio...

7.5CVSS7.3AI score0.01496EPSS
CVE
CVE
added 2022/08/10 12:0 a.m.76 views

CVE-2021-37150

CVE-2021-37150 affects Apache Traffic Server 8.0.0–9.1.2. It is due to improper input validation in header parsing, allowing an attacker to request secure resources. The issue is rated HIGH (CVSS/CA: HIGH; I/N/A impacts as documented). Remediation shown in connected advisories: upgrade to newer T...

7.5CVSS7.3AI score0.01696EPSS
CVE
CVE
added 2021/11/03 3:20 p.m.76 views

CVE-2021-38161

Apache Traffic Server (ATS) is affected by CVE-2021-38161: an improper TLS origin verification authentication vulnerability in ATS 8.0.0–8.0.8 that enables MITM attacks. The issue is rooted in TLS origin verification, allowing an attacker to intercept or manipulate traffic between clients and ATS...

8.1CVSS7.9AI score0.01888EPSS
CVE
CVE
added 2022/08/10 5:50 a.m.76 views

CVE-2022-31779

CVE-2022-31779 affects Apache Traffic Server, where an improper input validation in HTTP/2 header parsing allows request smuggling. Affected: ATS 8.0.0–9.1.2. Impact: potential inconsistency or compromise via crafted requests (I: HIGH, A: NONE, C: NONE). Mitigation in public advisories: Debian fi...

7.5CVSS7.3AI score0.01886EPSS
CVE
CVE
added 2018/02/27 8:0 p.m.75 views

CVE-2017-5660

CVE-2017-5660 affects Apache Traffic Server (ATS) versions 6.2.0 and earlier and 7.0.0 and earlier due to a Host header/line folding issue that can interact with upstream proxies and cause the wrong host to be used. Several sources describe an input-validation/host-header vulnerability with poten...

8.6CVSS8.3AI score0.0197EPSS
CVE
CVE
added 2022/12/19 10:59 a.m.74 views

CVE-2022-37392

CVE-2022-37392 is an Apache Traffic Server vulnerability described as an improper check for unusual or exceptional conditions in request handling, affecting versions 8.0.0–9.1.2. Public advisories (Debian DSA-5311, DLA-3385) and Nessus plugins state that exploitation could lead to HTTP request sm...

5.3CVSS5.4AI score0.01103EPSS
CVE
CVE
added 2025/03/06 11:23 a.m.74 views

CVE-2024-56195

CVE-2024-56195 is an Improper Access Control vulnerability in Apache Traffic Server. Affected releases: 9.2.0–9.2.8 and 10.0.0–10.0.3. The issue is fixed in 9.2.9 and 10.0.4. Connected documents corroborate multiple advisories for trafficserver and list CVEs including CVE-2024-56195; however, exp...

6.3CVSS7.1AI score0.00729EPSS
CVE
CVE
added 2018/08/29 1:0 p.m.73 views

CVE-2018-8040

CVE-2018-8040 affects Apache Traffic Server (ATS) via the ESI plugin. Pages rendered with ESI can access the cookie header even when access is disallowed, impacting ATS versions 6.0.0–6.2.2 and 7.0.0–7.1.3. The root cause is improper restriction of cookie header access within the ESI plugin, lead...

5.3CVSS5.8AI score0.08589EPSS
CVE
CVE
added 2025/03/06 11:9 a.m.73 views

CVE-2024-56202

CVE-2024-56202 is a vulnerability described as an Expected Behavior Violation in Apache Traffic Server. It affects the following releases: 9.0.0–9.2.8 and 10.0.0–10.0.3. The provided data shows a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complexity, and privilege...

4.3CVSS7.1AI score0.0081EPSS
CVE
CVE
added 2021/11/03 3:20 p.m.72 views

CVE-2021-37148

CVE-2021-37148 is an improper input validation vulnerability in Apache Traffic Server header parsing allowing HTTP request smuggling. Affected versions: 8.0.0–8.1.2 and 9.0.0–9.0.1. Debian advisories map fixes to 8.0.2+ds-1+deb10u6 and 8.1.1+ds-1.1+deb11u1 (Bullseye/Buster), while OpenVAS/Nessus ...

7.5CVSS7.4AI score0.02507EPSS
CVE
CVE
added 2022/12/19 10:51 a.m.72 views

CVE-2022-32749

CVE-2022-32749 is an Apache Traffic Server vulnerability described as an improper check for unusual or exceptional conditions that can crash the server under certain requests. Affected products span Traffic Server 8.0.0 through 9.1.3. The connected documents indicate that Debian and Fedora adviso...

7.5CVSS7.3AI score0.013EPSS
CVE
CVE
added 2023/06/14 7:42 a.m.71 views

CVE-2022-47184

CVE-2022-47184 affects Apache Traffic Server, with affected versions 8.0.0–9.2.0. The issue is described as exposure of sensitive information to an unauthorized actor, and Debian/Fedora advisories indicate that the TRACE method can disclose network information. Multiple vendor advisories referenc...

7.5CVSS7.3AI score0.01879EPSS
CVE
CVE
added 2012/03/26 2:0 p.m.70 views

CVE-2012-0256

Apache Traffic Server is affected by CVE-2012-0256 due to a heap memory allocation bug that can be triggered by a long HTTP Host header, enabling a remote attacker to cause a DoS (daemon crash). Affected versions are 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3. The issue is a heap-based v...

5CVSS6.5AI score0.03473EPSS
CVE
CVE
added 2014/08/22 2:0 p.m.67 views

CVE-2014-3525

CVE-2014-3525 affects Apache Traffic Server 3.x (up to 3.2.5), 4.x before 4.2.1.1, and 5.x before 5.0.1. The connected sources describe an unspecified vulnerability related to synthetic health checks that can lead to DoS. Public details are limited in the provided docs; some entries reference upd...

10CVSS6.4AI score0.04546EPSS
CVE
CVE
added 2021/11/03 3:20 p.m.66 views

CVE-2021-41585

This CVE (CVE-2021-41585) affects Apache Traffic Server versions 5.0.0–9.1.0 and is caused by improper input validation in accepting socket connections, enabling an attacker to cause the server to stop accepting new connections. The issue is corroborated across multiple sources (OSV- entries, CNV...

7.5CVSS7.5AI score0.02408EPSS
CVE
CVE
added 2017/10/30 2:0 p.m.65 views

CVE-2015-3249

The CVE-2015-3249 entry concerns Apache Traffic Server (ATS) 5.3.x prior to 5.3.1, where the HTTP/2 experimental feature is vulnerable. The underlying issue affects the frame_handlers array and the set_dynamic_table_size function, enabling remote attackers to cause a denial of service (out-of-bou...

9.8CVSS9.8AI score0.05438EPSS
CVE
CVE
added 2021/11/03 3:20 p.m.65 views

CVE-2021-37149

CVE-2021-37149: Improper input validation in Apache Traffic Server header parsing allows request smuggling. Affected: ATS versions 8.0.0–8.1.2 and 9.0.0–9.1.0. The issue is mitigated by upgrading to patched releases (e.g., 8.1.3 or 9.1.1 per sources). If upgrading is not feasible, refer to vendor...

7.5CVSS7.4AI score0.02507EPSS
CVE
CVE
added 2025/03/06 11:21 a.m.64 views

CVE-2024-56196

CVE-2024-56196 affects Apache Traffic Server versions 10.0.0–10.0.3 with an improper Access Control issue. The vulnerability is documented across multiple sources in the Connected documents, which consistently state the affected product and versions and recommend upgrading to 10.0.4 to fix the is...

6.3CVSS7.1AI score0.00729EPSS
CVE
CVE
added 2017/04/17 6:0 p.m.63 views

CVE-2017-5659

CVE-2017-5659 affects Apache Traffic Server prior to 6.2.1. The vulnerability triggers a coredump when there is a mismatch between content length and chunked encoding. Impact in sources notes crash/denial of service-like behavior (availability impact) with a potential high consequence. The docume...

7.5CVSS7.5AI score0.02958EPSS
CVE
CVE
added 2017/09/13 4:0 p.m.62 views

CVE-2015-5206

Apache Traffic Server: Unspecified vulnerability in the HTTP/2 experimental feature affects 5.3.x before 5.3.2. Root cause and impact are not detailed in the provided descriptions; CVSS metrics indicate high severity with network access. Remediation per connected records is upgrade to 5.3.2 or la...

10CVSS9.3AI score0.02411EPSS
CVE
CVE
added 2018/02/27 8:0 p.m.61 views

CVE-2017-7671

CVE-2017-7671 is linked to a TLS handshake DoS in Apache Traffic Server (ATS). The Vulners/EUVD/OpenVAS/Nessus-derived documents confirm: vulnerable ATS versions are 5.2.0–5.3.2, 6.0.0–6.2.0, and 7.0.0, with the issue leading to a server coredump. Public references also show Debian DSAs recommend...

7.5CVSS7.3AI score0.0223EPSS
CVE
CVE
added 2015/01/13 11:0 a.m.58 views

CVE-2014-10022

Apache Traffic Server is affected in versions before 5.1.2. The vulnerability arises from an issue in internal buffer sizing that can allow a remote attacker to cause a denial of service. Affected component is the HTTP handling path (HttpTransact.cc as cited in multiple sources) and the root caus...

5CVSS6.8AI score0.0564EPSS
CVE
CVE
added 2017/04/17 6:0 p.m.55 views

CVE-2016-5396

Apache Traffic Server (ATS) versions 6.0.0–6.2.0 are affected by an HPACK Bomb Attack. The CVE notes a network-accessible vulnerability with a high impact on availability (CVSS v3 base score 7.5). The related documents consistently describe HPACK Bomb as the issue; no concrete remediation, patch ...

7.8CVSS7.4AI score0.02881EPSS
CVE
CVE
added 2010/09/13 8:0 p.m.54 views

CVE-2010-2952

Apache Traffic Server vulnerable in versions before 2.0.1 and in 2.1.x before 2.1.2-unstable. The issue stems from improper DNS source port/transaction ID handling and DNS query field validation, enabling MITM-style cache poisoning via crafted responses. Remediation: upgrade to Apache Traffic Ser...

4.3CVSS6.5AI score0.02612EPSS
CVE
CVE
added 2024/11/20 5:40 p.m.53 views

CVE-2018-9481

CVE-2018-9481 : The vulnerability is in the Bluetooth stack, specifically in the function bta_hd_set_report_act of bta_hd_act.cc. An integer overflow can trigger an out-of-bounds read, enabling remote information disclosure through the Bluetooth service without extra privileges or user interactio...

6.5CVSS6.5AI score0.00138EPSS
CVE
CVE
added 2018/08/29 1:0 p.m.52 views

CVE-2018-8022

CVE-2018-8022 affects Apache Traffic Server (ATS) 6.2.2. A specially crafted invalid TLS handshake can cause ATS to segfault, leading to a partial availability impact (DoS) as described in multiple sources. The concrete vulnerable component is the TLS handshake handling within ATS; the root cause...

7.5CVSS7.4AI score0.07496EPSS
CVE
CVE
added 2025/06/19 10:7 a.m.47 views

CVE-2025-31698

Summary : CVE-2025-31698 affects Apache Traffic Server (ATS). The ACLs configured in ip_allow.config or remap.config may use IP addresses not provided by the PROXY protocol when ATS is configured to accept PROXY, exposing confidentiality. Affected ranges include 10.0.0–10.0.6 and 9.0.0–9.2.10. Ro...

7.5CVSS6.5AI score0.00448EPSS
CVE
CVE
added 2026/04/02 3:55 p.m.43 views

CVE-2025-65114

CVE-2025-65114 affects Apache Traffic Server where malformed chunked messages enable HTTP request smuggling. Affected versions: 9.0.0–9.2.12 and 10.0.0–10.1.1. The issue is mitigated by upgrading to 9.2.13 or 10.1.2, which include the fix for the chunked encoding parser and related handling (Fedo...

7.5CVSS5.8AI score0.00428EPSS
CVE
CVE
added 2026/04/02 3:54 p.m.17 views

CVE-2025-58136

Apache Traffic Server is affected by CVE-2025-58136 due to a bug in POST request handling that can crash the server under certain conditions. Affected versions are 10.0.0–10.1.1 and 9.0.0–9.2.12. The issue is fixed in 10.1.2 and 9.2.13; upgrading is recommended. As a workaround for older releases...

7.5CVSS5.9AI score0.00673EPSS
Total number of security vulnerabilities82