Traffic Server Security Vulnerabilities and Issues — Traffic Server CVE List

Lucene search

ApacheTraffic Server

14 matches found

cve•added 2021/05/14 9:15 p.m.•90 views

CVE-2021-27737

Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.

7.5CVSS7.4AI score0.09467EPSS

cve•added 2021/06/30 8:15 a.m.•81 views

CVE-2021-35474

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

9.8CVSS9.4AI score0.09211EPSS

cve•added 2021/01/11 10:15 a.m.•78 views

CVE-2020-17508

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

7.5CVSS7.2AI score0.02656EPSS

cve•added 2021/11/03 4:15 p.m.•73 views

CVE-2021-43082

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.

9.8CVSS9.3AI score0.00927EPSS

cve•added 2021/06/29 12:15 p.m.•71 views

CVE-2021-32565

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

7.5CVSS7.5AI score0.05675EPSS

cve•added 2021/06/30 8:15 a.m.•71 views

CVE-2021-32566

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

7.5CVSS7.5AI score0.05998EPSS

cve•added 2021/11/03 4:15 p.m.•71 views

CVE-2021-37147

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

7.5CVSS7.4AI score0.0109EPSS

cve•added 2021/06/29 12:15 p.m.•70 views

CVE-2021-27577

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

7.5CVSS7.5AI score0.00682EPSS

cve•added 2021/06/30 8:15 a.m.•70 views

CVE-2021-32567

7.5CVSS7.5AI score0.05998EPSS

cve•added 2021/11/03 4:15 p.m.•57 views

CVE-2021-37148

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

7.5CVSS7.4AI score0.00797EPSS

cve•added 2021/01/11 10:15 a.m.•55 views

CVE-2020-17509

ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

7.5CVSS7.3AI score0.03046EPSS

cve•added 2021/11/03 4:15 p.m.•53 views

CVE-2021-38161

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.

8.1CVSS7.9AI score0.00347EPSS

cve•added 2021/11/03 4:15 p.m.•50 views

CVE-2021-37149

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

7.5CVSS7.4AI score0.00797EPSS

cve•added 2021/11/03 4:15 p.m.•48 views

CVE-2021-41585

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.

7.5CVSS7.5AI score0.00736EPSS