CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0CVE-2019-10079
https://notcve.org/view.php?id=CVE-2019-10079
22 Oct 2019 — Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions. Apache Traffic Server es vulnerable a los ataques de inundación de la configuración HTTP/2. Las versiones anteriores de Apache Traffic Server no limitaban el número de tramas de configuración enviadas desde el cliente utilizando el ... • https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 2%CPEs: 10EXPL: 0CVE-2017-5660 – Debian Security Advisory 4128-1
https://notcve.org/view.php?id=CVE-2017-5660
27 Feb 2018 — There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used. Hay una vulnerabilidad en Apache Traffic Server (ATS) en versiones 6.2.0 y anteriores y versiones 7.0.0 y anteriores con la cabecera Host y el plegado de líneas. Esto puede provocar problemas al interactuar con proxies ascendentes empleando el host erróneo. Several vulnerabilities were dis... • https://lists.apache.org/thread.html/22d84783d94c53a5132ec89f002fe5165c87561a9428bcb6713b3c98%40%3Cdev.trafficserver.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5659
https://notcve.org/view.php?id=CVE-2017-5659
17 Apr 2017 — Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Apache Traffic Server en versiones anteriores a 6.2.1 genera un volcado de memoria cuando hay una falta de coincidencia entre la longitud del contenido y la codificación en fragmentos. • http://www.securityfocus.com/bid/97949 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2014-10022
https://notcve.org/view.php?id=CVE-2014-10022
13 Jan 2015 — Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. Apache Traffic Server anterior a 5.1.2 permite a atacantes remotos causar una denegación de servicio a través de vectores no especificados, relacionado con el tamaño de buffers internos. • http://mail-archives.apache.org/mod_mbox/trafficserver-users/201412.mbox/browser • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 35EXPL: 0CVE-2014-3525
https://notcve.org/view.php?id=CVE-2014-3525
22 Aug 2014 — Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. Una vulnerabilidad no especificada en Apache Traffic Server versiones 3.x hasta 3.2.5, versiones 4.x anteriores a 4.2.1.1, y versiones 5.x anteriores a 5.0.1, se ha desconocido vectores de impacto y ataque, posiblemente relacionados con las comprobaciones de sanidad. • http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07%40yahoo-inc.com%3E •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2012-0256
https://notcve.org/view.php?id=CVE-2012-0256
26 Mar 2012 — Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. Apache Traffic Server v2.0.x y v3.0.x anteriores a v3.0.4 y v3.1.x anteriores a v3.1.3 no posiciona de forma adecuada la memoria dinámica, lo que permite a atacantes remotos provocar una denegación del servicio (caída del demonio) a través de una cabecera larga HTTP Host. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 1%CPEs: 3EXPL: 0CVE-2010-2952
https://notcve.org/view.php?id=CVE-2010-2952
13 Sep 2010 — Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response. Apache Traffic Server antes de v2.0.1, y v2.1.x antes de v2.1.2-unstable, no escoge adecuadamente los puertos de origen y las IDs de transacción y tampoco usa adecuadamente los campos de consulta de DNS ... • http://secunia.com/advisories/41356 • CWE-20: Improper Input Validation •