Traffic Server Security Vulnerabilities and Issues — Traffic Server CVE List

Lucene search

ApacheTraffic Server

4 matches found

cve•added 2022/03/23 2:15 p.m.•92 views

CVE-2021-44759

Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.

8.1CVSS7.9AI score0.00287EPSS

cve•added 2024/07/26 10:15 a.m.•60 views

CVE-2024-35296

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

8.2CVSS6.6AI score0.01675EPSS

cve•added 2021/11/03 4:15 p.m.•53 views

CVE-2021-38161

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.

8.1CVSS7.9AI score0.00347EPSS

cve•added 2018/02/27 8:29 p.m.•49 views

CVE-2017-5660

There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used.

8.6CVSS8.3AI score0.02584EPSS