Traffic Server Security Vulnerabilities and Issues — Traffic Server CVE List

Lucene search

ApacheTraffic Server

6 matches found

CVE•added 2022/08/10 6:15 a.m.•68 views

CVE-2022-25763

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.0027EPSS

CVE•added 2022/08/10 6:15 a.m.•66 views

CVE-2022-31778

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.

7.5CVSS7.3AI score0.00113EPSS

CVE•added 2022/08/10 6:15 a.m.•64 views

CVE-2022-31780

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00248EPSS

CVE•added 2022/08/10 6:15 a.m.•62 views

CVE-2022-31779

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00121EPSS

CVE•added 2022/08/10 6:15 a.m.•60 views

CVE-2021-37150

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00205EPSS

CVE•added 2022/08/10 6:15 a.m.•55 views

CVE-2022-28129

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

7.5CVSS7.3AI score0.00163EPSS