Traffic Server@* Security Vulnerabilities and Issues — Traffic Server@* CVE List

Lucene search

ApacheTraffic Server*

8 matches found

CVE•added 2024/04/10 12:15 p.m.•5533 views

CVE-2024-31309

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION fr...

7.5CVSS7.5AI score0.02807EPSS

CVE•added 2024/07/26 10:15 a.m.•79 views

CVE-2023-38522

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0...

7.5CVSS6.5AI score0.01741EPSS

CVE•added 2024/07/26 10:15 a.m.•64 views

CVE-2024-35161

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. ...

9.1CVSS6.6AI score0.00635EPSS

CVE•added 2024/07/26 10:15 a.m.•60 views

CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

8.2CVSS6.6AI score0.01675EPSS

CVE•added 2024/11/14 10:15 a.m.•59 views

CVE-2024-50305

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

7.5CVSS7.4AI score0.00965EPSS

CVE•added 2024/11/14 10:15 a.m.•57 views

CVE-2024-38479

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

7.5CVSS7.4AI score0.00585EPSS

CVE•added 2024/11/14 10:15 a.m.•57 views

CVE-2024-50306

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.

9.1CVSS9.2AI score0.01137EPSS

CVE•added 2024/11/20 6:15 p.m.•40 views

CVE-2018-9481

In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation.

6.5CVSS6.5AI score0.00026EPSS