CVSS: 5.3EPSS: 5%CPEs: 3EXPL: 0CVE-2018-8005 – Debian Security Advisory 4282-1
https://notcve.org/view.php?id=CVE-2018-8005
29 Aug 2018 — When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. Cuando hay múltiples rangos en una petición de rango, Apache Traffic Server (ATS) leerá el objeto completo desde la caché. • http://www.securityfocus.com/bid/105187 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 0CVE-2018-8022
https://notcve.org/view.php?id=CVE-2018-8022
29 Aug 2018 — A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions. Una negociación TLS inválida cuidadosamente manipulada puede provocar un segfault en Apache Traffic Server (ATS). Esto afecta a la versión 6.2.2. • http://www.securityfocus.com/bid/105183 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-8004 – Debian Security Advisory 4282-1
https://notcve.org/view.php?id=CVE-2018-8004
29 Aug 2018 — There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. Hay múltiples problemas de "HTTP smuggling" y envenenamiento de caché cuando los clientes que realizan peticiones maliciosas interactúan con Apache Traffic Server (ATS). Est... • https://github.com/mosesrenegade/CVE-2018-8004 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.6EPSS: 1%CPEs: 10EXPL: 0CVE-2017-5660 – Debian Security Advisory 4128-1
https://notcve.org/view.php?id=CVE-2017-5660
27 Feb 2018 — There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used. Hay una vulnerabilidad en Apache Traffic Server (ATS) en versiones 6.2.0 y anteriores y versiones 7.0.0 y anteriores con la cabecera Host y el plegado de líneas. Esto puede provocar problemas al interactuar con proxies ascendentes empleando el host erróneo. Several vulnerabilities were dis... • https://lists.apache.org/thread.html/22d84783d94c53a5132ec89f002fe5165c87561a9428bcb6713b3c98%40%3Cdev.trafficserver.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2017-7671 – Debian Security Advisory 4128-1
https://notcve.org/view.php?id=CVE-2017-7671
27 Feb 2018 — There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This issue can cause the server to coredump. Hay una vulnerabilidad de ataque de denegación de servicio en Apache Traffic Server (ATS) de las versión 5.2.0 a la 5.3.2; versión 6.0.0 a 6.2.0 y la versión 7.0.0 con la negociación TLS. Este problema puede provocar que el sistema vuelque la memoria. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and fo... • https://lists.apache.org/thread.html/203bdcf9bbb718f3dc6f7aaf3e2af632474d51fa9e7bfb7832729905%40%3Cdev.trafficserver.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5659
https://notcve.org/view.php?id=CVE-2017-5659
17 Apr 2017 — Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Apache Traffic Server en versiones anteriores a 6.2.1 genera un volcado de memoria cuando hay una falta de coincidencia entre la longitud del contenido y la codificación en fragmentos. • http://www.securityfocus.com/bid/97949 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-5396 – ATS 6.2.0 Denial of Service
https://notcve.org/view.php?id=CVE-2016-5396
17 Apr 2017 — Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. Apache Traffic Server 6.0.0 a 6.2.0 están afectados por un HPACK Bomb Attack. There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a denial of service vulnerability. Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS 6.2.1 or 7.0.0. • http://www.securityfocus.com/bid/97945 • CWE-399: Resource Management Errors •