7 results (0.030 seconds)

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue. Un valor de retorno sin marcar puede permitir que Apache Traffic Server conserve privilegios al iniciarse. Este problema afecta a Apache Traffic Server: de la versión 9.2.0 a la 9.2.5 y de la versión 10.0.0 a la 10.0.1. Se recomienda a los usuarios actualizar a la versión 9.2.6 o 10.0.2, que soluciona el problema. • https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y • CWE-252: Unchecked Return Value •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. Un campo de encabezado de host válido puede provocar que Apache Traffic Server se bloquee en algunas plataformas. Este problema afecta a Apache Traffic Server: desde la versión 9.2.0 hasta la 9.2.5. Se recomienda a los usuarios actualizar a la versión 9.2.6, que soluciona el problema, o a la versión 10.0.2, que no lo tiene. • https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. Vulnerabilidad de validación de entrada incorrecta en Apache Traffic Server. Este problema afecta a Apache Traffic Server: desde la versión 8.0.0 hasta la 8.1.11, desde la versión 9.0.0 hasta la 9.2.5. Se recomienda a los usuarios que actualicen a la versión 9.2.6, que soluciona el problema, o a la versión 10.0.2, que no lo tiene. • https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. • https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 • CWE-20: Improper Input Validation CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: -EPSS: 0%CPEs: 2EXPL: 0

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. • https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 • CWE-20: Improper Input Validation •