CVSS: 7.5EPSS: 22%CPEs: 3EXPL: 0CVE-2018-1318 – Debian Security Advisory 4282-1
https://notcve.org/view.php?id=CVE-2018-1318
29 Aug 2018 — Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. La adición de métodos de listas de control de acceso en remap.config puede provocar un segfault cuando el usuario realiza una petición cuidadosamente manipulada. Esto afecta a Apache ... • http://www.securityfocus.com/bid/105176 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 18%CPEs: 3EXPL: 0CVE-2018-8040 – Debian Security Advisory 4282-1
https://notcve.org/view.php?id=CVE-2018-8040
29 Aug 2018 — Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. Las páginas que se renderizan mediante el plugin ESI pueden tener acceso a la cabecera de la cookie cuando el plugin está configurado para no permitir el a... • http://www.securityfocus.com/bid/105181 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 8.6EPSS: 2%CPEs: 10EXPL: 0CVE-2017-5660 – Debian Security Advisory 4128-1
https://notcve.org/view.php?id=CVE-2017-5660
27 Feb 2018 — There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used. Hay una vulnerabilidad en Apache Traffic Server (ATS) en versiones 6.2.0 y anteriores y versiones 7.0.0 y anteriores con la cabecera Host y el plegado de líneas. Esto puede provocar problemas al interactuar con proxies ascendentes empleando el host erróneo. Several vulnerabilities were dis... • https://lists.apache.org/thread.html/22d84783d94c53a5132ec89f002fe5165c87561a9428bcb6713b3c98%40%3Cdev.trafficserver.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 0CVE-2017-7671 – Debian Security Advisory 4128-1
https://notcve.org/view.php?id=CVE-2017-7671
27 Feb 2018 — There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump. Hay una vulnerabilidad de ataque de denegación de servicio en Apache Traffic Server (ATS) de las versión 5.2.0 a la 5.3.2; versión 6.0.0 a 6.2.0 y la versión 7.0.0 con la negociación TLS. Este problema puede provocar que el sistema vuelque la memoria. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and fo... • https://lists.apache.org/thread.html/203bdcf9bbb718f3dc6f7aaf3e2af632474d51fa9e7bfb7832729905%40%3Cdev.trafficserver.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-5396 – ATS 6.2.0 Denial of Service
https://notcve.org/view.php?id=CVE-2016-5396
17 Apr 2017 — Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. Apache Traffic Server 6.0.0 a 6.2.0 están afectados por un HPACK Bomb Attack. There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a denial of service vulnerability. Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS 6.2.1 or 7.0.0. • http://www.securityfocus.com/bid/97945 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5659
https://notcve.org/view.php?id=CVE-2017-5659
17 Apr 2017 — Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Apache Traffic Server en versiones anteriores a 6.2.1 genera un volcado de memoria cuando hay una falta de coincidencia entre la longitud del contenido y la codificación en fragmentos. • http://www.securityfocus.com/bid/97949 • CWE-20: Improper Input Validation •