from 0, < 8.1.9+ds-1~deb11u1
CRITICAL9.8CVE-2021-43082Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server… from 0, < 9.1.1+ds-1
CRITICAL9.8Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.
from 0, < 8.1.1+ds-1.1
CRITICAL9.8There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-E…
from 0, < 8.0.6+ds-1
CRITICAL9.8There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked en…
from 0, < 8.0.6+ds-1
CRITICAL9.8trafficserver - security update
from 0, < 8.0.2+ds-1+deb10u2
CRITICAL9.8trafficserver - security update
from 0, < 8.0.6+ds-1
CRITICAL9.8The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bo…
from 0, < 5.3.1-1
CRITICAL9.8Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel rem…
from 0, < 5.0.0-1
CRITICAL9.8Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and atta…
from 0, < 6.0.0-1
CRITICAL9.8Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vect…
from 0, < 6.0.0-1
CRITICAL9.1Unchecked return value can allow Apache Traffic Server to retain privileges on startup.
from 0, < 8.1.11+ds-0+deb11u2
CRITICAL9.1Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: throu…
from 0, < 8.1.9+ds-1~deb11u1
HIGH8.6trafficserver - security update
from 0, < 7.0.0-6+deb9u1
HIGH8.6trafficserver - security update
from 0, < 7.1.2+ds-1
HIGH8.2Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.
from 0, < 8.1.11+ds-0+deb11u1
HIGH8.1Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle at…
from 0, < 8.1.1+ds-1.1+deb11u1
HIGH8.1Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.
from 0, < 8.1.1+ds-1.1+deb11u1
HIGH7.5Apache Traffic Server allows request smuggling if chunked messages are malformed.
from 0
HIGH7.5A bug in POST request handling causes a crash under a certain condition.
from 0
HIGH7.5ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are…
from 0
HIGH7.5ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.
from 0
HIGH7.5trafficserver - security update
from 0
HIGH7.5trafficserver - security update
from 0, < 9.2.5+ds-0+deb12u3
HIGH7.5Valid Host header field can cause Apache Traffic Server to crash on some platforms.
from 0
HIGH7.5trafficserver - security update
from 0, < 8.1.11+ds-0+deb11u2
HIGH7.5trafficserver - security update
from 0, < 8.1.11+ds-0+deb11u2
HIGH7.5Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers.
from 0, < 8.1.11+ds-0+deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.11+ds-0+deb11u1
HIGH7.5trafficserver - security update
from 0, < 9.2.5+ds-0+deb12u1
HIGH7.5trafficserver - security update
from 0, < 8.1.11+ds-0+deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.10+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.10+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.7-0+deb10u4
HIGH7.5Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
from 0, < 8.0.5+ds-1
HIGH7.5trafficserver - security update
from 0, < 8.1.9+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.7-0+deb10u3
HIGH7.5Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: fro…
from 0, < 9.2.3+ds-1+deb12u1
HIGH7.5trafficserver - security update
from 0, < 8.1.9+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.7-0+deb10u2
HIGH7.5trafficserver - security update
from 0, < 8.1.9+ds-1~deb11u1
HIGH7.5Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue aff…
from 0, < 8.1.7+ds-1~deb11u1
HIGH7.5Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.
from 0, < 8.1.7+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.7+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.7-0+deb10u1
HIGH7.5trafficserver - security update
from 0, < 8.1.7+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.6+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.6+ds-1~deb11u1
HIGH7.5Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.
from 0, < 8.1.5+ds-1~deb11u1
HIGH7.5Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.
from 0, < 8.1.5+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.6+ds-1~deb10u1
HIGH7.5trafficserver - security update
from 0, < 8.1.5+ds-1~deb11u1
HIGH7.5Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.
from 0, < 8.1.5+ds-1~deb11u1
HIGH7.5Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache…
from 0, < 8.1.5+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.0.2+ds-1+deb10u7
HIGH7.5trafficserver - security update
from 0, < 8.1.5+ds-1~deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.5+ds-1~deb11u1
HIGH7.5h2o - security update
from 0, < 8.0.5+ds-1
HIGH7.5Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests.
from 0, < 8.1.1+ds-1.1+deb11u1
HIGH7.5Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
from 0, < 8.1.1+ds-1.1+deb11u1
HIGH7.5Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
from 0, < 8.1.1+ds-1.1+deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.1.1+ds-1.1+deb11u1
HIGH7.5trafficserver - security update
from 0, < 8.0.2+ds-1+deb10u6
HIGH7.5Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
from 0, < 8.1.1+ds-1.1
HIGH7.5Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
from 0, < 8.1.1+ds-1.1
HIGH7.5Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests.
from 0, < 8.1.1+ds-1.1
HIGH7.5trafficserver - security update
from 0, < 8.1.1+ds-1.1
HIGH7.5trafficserver - security update
from 0, < 8.0.2+ds-1+deb10u5
HIGH7.5ATS negative cache option is vulnerable to a cache poisoning attack.
from 0, < 8.1.1+ds-1
HIGH7.5trafficserver - security update
from 0, < 8.0.2+ds-1+deb10u4
HIGH7.5trafficserver - security update
from 0, < 8.1.1+ds-1
HIGH7.5trafficserver - security update
from 0, < 8.0.2+ds-1+deb10u3
HIGH7.5trafficserver - security update
from 0, < 8.0.8+ds-1
HIGH7.5Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack.
from 0, < 8.0.7+ds-1
HIGH7.5trafficserver - security update
from 0, < 8.0.5+ds-1
HIGH7.5trafficserver - security update
from 0, < 8.0.2+ds-1+deb10u1
HIGH7.5Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service.
from 0, < 8.0.5+ds-1
HIGH7.5Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.
from 0, < 8.0.5+ds-1
HIGH7.5sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin.
from 0, < 8.0.2+ds-1
HIGH7.5A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault.
from 0, < 7.0.0-1
HIGH7.5trafficserver - security update
from 0, < 7.1.4+ds-1
HIGH7.5trafficserver - security update
from 0, < 7.0.0-6+deb9u2
HIGH7.5There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake.
from 0, < 7.1.2+ds-1
HIGH7.5Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
from 0, < 7.0.0-1
HIGH7.5Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.
from 0, < 7.0.0-1
MEDIUM6.5There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (AT…
from 0, < 7.1.4+ds-1
MEDIUM6.3Improper Access Control vulnerability in Apache Traffic Server.
from 0
MEDIUM6.3trafficserver - security update
from 0
MEDIUM6.3trafficserver - security update
from 0, < 9.2.5+ds-0+deb12u2
MEDIUM6.1Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site sc…
from 0, < 9.1.4+ds-1
MEDIUM5.3Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server.
from 0, < 8.1.6+ds-1~deb11u1
MEDIUM5.3Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access.
from 0, < 7.1.4+ds-1
MEDIUM5.3When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache.
from 0, < 7.1.4+ds-1
MEDIUM4.3Expected Behavior Violation vulnerability in Apache Traffic Server.
from 0
—Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer…
from 0, < 5.2.0-1
—Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attac…
from 0, < 5.0.1-1
—Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attac…
from 0, < 3.0.4-1