CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-33933 – Apache Traffic Server: s3_auth plugin problem with hash calculation
https://notcve.org/view.php?id=CVE-2023-33933
14 Jun 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgra... • https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-47184 – Apache Traffic Server: The TRACE method can be use to disclose network information
https://notcve.org/view.php?id=CVE-2022-47184
14 Jun 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service. • https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 0CVE-2022-40743 – Apache Traffic Server: Security issues with the xdebug plugin
https://notcve.org/view.php?id=CVE-2022-40743
19 Dec 2022 — Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions. Una vulnerabilidad de validación de entrada incorrecta para el complemento xdebug en Apache Software Foundation Apache Traffic Server puede provocar ataques de envenenamiento de caché y Cross-Site Scripting. Este problema afecta a... • https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-37392 – Apache Traffic Server: Improperly reading the client requests
https://notcve.org/view.php?id=CVE-2022-37392
19 Dec 2022 — Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Vulnerabilidad de comprobación incorrecta de la condiciones inusuales o excepcionales en el manejo de las solicitudes al servidor Apache Traffic. Este problema afecta a Apache Traffic Server 8.0.0 a 9.1.2. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP re... • https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32749 – Apache Traffic Server: Improperly handled requests can cause crashes in specific plugins
https://notcve.org/view.php?id=CVE-2022-32749
19 Dec 2022 — Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. La vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales que maneja solicitudes en Apache Traffic Server permite que un atacante bloquee el servidor bajo ciertas condiciones. Este problema afecta a Apache Traffic Server: desde 8.0.0 hasta 9... • https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31779 – Improper HTTP/2 scheme and method validation
https://notcve.org/view.php?id=CVE-2022-31779
10 Aug 2022 — Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis de encabezados de HTTP/2 de Apache Traffic Server permite a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forwa... • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-25763 – Improper input validation on HTTP/2 headers
https://notcve.org/view.php?id=CVE-2022-25763
10 Aug 2022 — Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en la comprobación de peticiones HTTP/2 de Apache Traffic Server permite a un atacante crear ataques de contrabando o envenenamiento de caché. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 Several vulnerabilities were ... • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37150 – Protocol vs scheme mismatch
https://notcve.org/view.php?id=CVE-2021-37150
10 Aug 2022 — Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis de encabezados de Apache Traffic Server permite a un atacante solicitar recursos seguros. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward prox... • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-28129 – Insufficient Validation of HTTP/1.x Headers
https://notcve.org/view.php?id=CVE-2022-28129
10 Aug 2022 — Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis del encabezado HTTP/1.1 de Apache Traffic Server permite a un atacante enviar encabezados no válidos. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 Several vulnerabilities were discovered in Apache Traffic Server, a reverse... • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31780 – HTTP/2 framing vulnerabilities
https://notcve.org/view.php?id=CVE-2022-31780
10 Aug 2022 — Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el manejo de tramas HTTP/2 de Apache Traffic Server permite a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy s... • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 • CWE-20: Improper Input Validation •