CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-32749 – Apache Traffic Server: Improperly handled requests can cause crashes in specific plugins
https://notcve.org/view.php?id=CVE-2022-32749
Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3. La vulnerabilidad de verificación inadecuada de condiciones inusuales o excepcionales que maneja solicitudes en Apache Traffic Server permite que un atacante bloquee el servidor bajo ciertas condiciones. Este problema afecta a Apache Traffic Server: desde 8.0.0 hasta 9.1.3. • https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-31779 – Improper HTTP/2 scheme and method validation
https://notcve.org/view.php?id=CVE-2022-31779
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis de encabezados de HTTP/2 de Apache Traffic Server permite a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-25763 – Improper input validation on HTTP/2 headers
https://notcve.org/view.php?id=CVE-2022-25763
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en la comprobación de peticiones HTTP/2 de Apache Traffic Server permite a un atacante crear ataques de contrabando o envenenamiento de caché. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31778 – Transfer-Encoding not treated as hop-by-hop
https://notcve.org/view.php?id=CVE-2022-31778
Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el manejo de el encabezado Transfer-Encoding de Apache Traffic Server permite a un atacante envenenar la caché. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.0.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/04/msg00007.html https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31780 – HTTP/2 framing vulnerabilities
https://notcve.org/view.php?id=CVE-2022-31780
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el manejo de tramas HTTP/2 de Apache Traffic Server permite a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •