CVE-2014-3525
https://notcve.org/view.php?id=CVE-2014-3525
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
• http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07%40yahoo-inc.com%3E
• http://secunia.com/advisories/60375
• https://exchange.xforce.ibmcloud.com/vulnerabilities/95495
CVE-2012-0256
https://notcve.org/view.php?id=CVE-2012-0256
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
• http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html
• http://seclists.org/fulldisclosure/2012/Mar/260
• http://trafficserver.apache.org/downloads
• http://www.securityfocus.com/bid/52696
• http://www.securitytracker.com/id?1026847
• https://www.cert.fi/en/reports/2012/vulnerability612884.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2952
https://notcve.org/view.php?id=CVE-2010-2952
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
• http://secunia.com/advisories/41356
• http://securitytracker.com/id?1024417
• http://trafficserver.apache.org
• http://www.nth-dimension.org.uk/pub/NDSA20100830.txt.asc
• http://www.securityfocus.com/archive/1/513598/100/0/threaded
• http://www.securityfocus.com/bid/43111
• https://exchange.xforce.ibmcloud.com/vulnerabilities/61721
• https://issues.apache.org/jira/browse/TS-425
• CWE-20: Improper Input Validation
CVE-2002-1013 – Inktomi Traffic Server 4/5 - Traffic_Manager Path Argument Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1013
Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument.
• https://www.exploit-db.com/exploits/21580
• http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html
• http://support.inktomi.com/kb/070202-003.html
• http://www.iss.net/security_center/static/9465.php
• http://www.securityfocus.com/bid/5098