CVE-2017-5659
https://notcve.org/view.php?id=CVE-2017-5659
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Apache Traffic Server en versiones anteriores a 6.2.1 genera un volcado de memoria cuando hay una falta de coincidencia entre la longitud del contenido y la codificación en fragmentos. • http://www.securityfocus.com/bid/97949 http://www.securitytracker.com/id/1038275 https://issues.apache.org/jira/browse/TS-4819 • CWE-20: Improper Input Validation •
CVE-2014-10022
https://notcve.org/view.php?id=CVE-2014-10022
Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. Apache Traffic Server anterior a 5.1.2 permite a atacantes remotos causar una denegación de servicio a través de vectores no especificados, relacionado con el tamaño de buffers internos. • http://mail-archives.apache.org/mod_mbox/trafficserver-users/201412.mbox/browser http://www.securitytracker.com/id/1031499 https://issues.apache.org/jira/browse/TS-3223 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-3525
https://notcve.org/view.php?id=CVE-2014-3525
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. Una vulnerabilidad no especificada en Apache Traffic Server versiones 3.x hasta 3.2.5, versiones 4.x anteriores a 4.2.1.1, y versiones 5.x anteriores a 5.0.1, se ha desconocido vectores de impacto y ataque, posiblemente relacionados con las comprobaciones de sanidad. • http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07%40yahoo-inc.com%3E http://secunia.com/advisories/60375 https://exchange.xforce.ibmcloud.com/vulnerabilities/95495 •
CVE-2012-0256
https://notcve.org/view.php?id=CVE-2012-0256
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. Apache Traffic Server v2.0.x y v3.0.x anteriores a v3.0.4 y v3.1.x anteriores a v3.1.3 no posiciona de forma adecuada la memoria dinámica, lo que permite a atacantes remotos provocar una denegación del servicio (caída del demonio) a través de una cabecera larga HTTP Host. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html http://seclists.org/fulldisclosure/2012/Mar/260 http://trafficserver.apache.org/downloads http://www.securityfocus.com/bid/52696 http://www.securitytracker.com/id?1026847 https://www.cert.fi/en/reports/2012/vulnerability612884.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •