
CVE-2021-43082 – heap-buffer-overflow with stats-over-http plugin
https://notcve.org/view.php?id=CVE-2021-43082
03 Nov 2021 — Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0. • https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-41585 – ATS stops accepting connections on FreeBSD
https://notcve.org/view.php?id=CVE-2021-41585
03 Nov 2021 — Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0. • https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 • CWE-20: Improper Input Validation

CVE-2021-38161 – Not validating origin TLS certificate
https://notcve.org/view.php?id=CVE-2021-38161
03 Nov 2021 — Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man-in-the-middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server... • https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 • CWE-287: Improper Authentication

CVE-2021-37149 – Request Smuggling - multiple attacks
https://notcve.org/view.php?id=CVE-2021-37149
03 Nov 2021 — Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Several vulnerabilities were discovered in Apache Traffic Server, a reverse... • https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 • CWE-20: Improper Input Validation

CVE-2021-37148 – Request Smuggling - transfer encoding validation
https://notcve.org/view.php?id=CVE-2021-37148
03 Nov 2021 — Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1. Several vulnerabilities were discovered in Apache Traffic Server, a... • https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 • CWE-20: Improper Input Validation

CVE-2021-37147 – Request Smuggling - LF line ending
https://notcve.org/view.php?id=CVE-2021-37147
03 Nov 2021 — Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Several vulnerabilities were discovered in Apache Traffic Server, a... • https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 • CWE-20: Improper Input Validation • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2021-35474 – Dynamic stack buffer overflow in cachekey plugin
https://notcve.org/view.php?id=CVE-2021-35474
30 Jun 2021 — Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could res... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write

CVE-2021-32567 – Reading HTTP/2 frames too many times
https://notcve.org/view.php?id=CVE-2021-32567
30 Jun 2021 — Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Several vulnerabilities were ... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-20: Improper Input Validation

CVE-2021-32566 – Specific sequence of HTTP/2 frames can cause ATS to crash
https://notcve.org/view.php?id=CVE-2021-32566
30 Jun 2021 — Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Several vulnerabilities were ... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-20: Improper Input Validation

CVE-2021-32565 – HTTP Request Smuggling, content length with invalid characters
https://notcve.org/view.php?id=CVE-2021-32565
29 Jun 2021 — Invalid values in the Content-Length header sent to Apache Traffic Server allow an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Several vulnerabilities were discovered ... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')