Lucene search

Apache Traffic Server

10 matches found

CVE
added 2020/03/23 10:15 p.m. | 91 views

CVE-2019-17559

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

CVSS 9.8 | AI score 9.2 | EPSS 0.01047

CVE
added 2020/03/23 10:15 p.m. | 88 views

CVE-2020-1944

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

CVSS 9.8 | AI score 9.2 | EPSS 0.00898

CVE
added 2023/08/09 7:15 a.m. | 88 views

CVE-2023-33934

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.

CVSS 9.1 | AI score 9.2 | EPSS 0.00239

CVE
added 2021/06/30 8:15 a.m. | 81 views

CVE-2021-35474

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

CVSS 9.8 | AI score 9.4 | EPSS 0.09211

CVE
added 2020/03/23 10:15 p.m. | 73 views

CVE-2019-17565

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions.

CVSS 9.8 | AI score 9.2 | EPSS 0.00898

CVE
added 2021/11/03 4:15 p.m. | 73 views

CVE-2021-43082

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.

CVSS 9.8 | AI score 9.3 | EPSS 0.00927

CVE
added 2024/07/26 10:15 a.m. | 64 views

CVE-2024-35161

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. ...

CVSS 9.1 | AI score 6.6 | EPSS 0.00635

CVE
added 2017/10/30 2:29 p.m. | 62 views

CVE-2014-3624

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

CVSS 9.8 | AI score 6.3 | EPSS 0.00444

CVE
added 2024/11/14 10:15 a.m. | 57 views

CVE-2024-50306

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.

CVSS 9.1 | AI score 9.2 | EPSS 0.01137

CVE
added 2017/10/30 2:29 p.m. | 50 views

CVE-2015-3249

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.

CVSS 9.8 | AI score 9.8 | EPSS 0.03606