CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2015-3249
https://notcve.org/view.php?id=CVE-2015-3249
30 Oct 2017 — The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function. La función experimental HTTP/2 en Apache Traffic Server en versiones 5.3.x anteriores a la 5.3.1 permite que atacantes remotos provoquen una denegación de servicio (acceso fuera de límites y cierre inesperado del dem... • http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g%40mail.gmail.com%3E • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2015-5168
https://notcve.org/view.php?id=CVE-2015-5168
13 Sep 2017 — Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. Existe una vulnerabilidad no especificada en la característica experimental HTTP/2 en Apache Traffic Server, en versiones 5.3.x anteriores a la 5.3.2 que tiene un impacto y vectores de ataque desconocidos. Esta vulnerabilidad es diferente de CVE-2015-5206. • http://mail-archives.us.apache.org/mod_mbox/www-announce/201509.mbox/%3CCABF6JR2j5vesvnjbm6sDPB_zAGj3kNgzzHEpLUh6dWG6t8mC2w%40mail.gmail.com%3E •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2015-5206
https://notcve.org/view.php?id=CVE-2015-5206
13 Sep 2017 — Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. Existe una vulnerabilidad no especificada en la característica experimental HTTP/2 en Apache Traffic Server, en versiones anteriores a la 5.3.2 que tiene un impacto y vectores de ataque desconocidos. Esta vulnerabilidad es diferente de CVE-2015-5168 • http://mail-archives.us.apache.org/mod_mbox/www-announce/201509.mbox/%3CCABF6JR2j5vesvnjbm6sDPB_zAGj3kNgzzHEpLUh6dWG6t8mC2w%40mail.gmail.com%3E •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-5396 – ATS 6.2.0 Denial of Service
https://notcve.org/view.php?id=CVE-2016-5396
17 Apr 2017 — Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. Apache Traffic Server 6.0.0 a 6.2.0 están afectados por un HPACK Bomb Attack. There is a vulnerability in ATS with the HPACK Bomb Attack that can lead to a denial of service vulnerability. Versions 6.0.0 to 6.2.0 are affected. Please upgrade to ATS 6.2.1 or 7.0.0. • http://www.securityfocus.com/bid/97945 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5659
https://notcve.org/view.php?id=CVE-2017-5659
17 Apr 2017 — Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Apache Traffic Server en versiones anteriores a 6.2.1 genera un volcado de memoria cuando hay una falta de coincidencia entre la longitud del contenido y la codificación en fragmentos. • http://www.securityfocus.com/bid/97949 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2014-10022
https://notcve.org/view.php?id=CVE-2014-10022
13 Jan 2015 — Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. Apache Traffic Server anterior a 5.1.2 permite a atacantes remotos causar una denegación de servicio a través de vectores no especificados, relacionado con el tamaño de buffers internos. • http://mail-archives.apache.org/mod_mbox/trafficserver-users/201412.mbox/browser • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 35EXPL: 0CVE-2014-3525
https://notcve.org/view.php?id=CVE-2014-3525
22 Aug 2014 — Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. Una vulnerabilidad no especificada en Apache Traffic Server versiones 3.x hasta 3.2.5, versiones 4.x anteriores a 4.2.1.1, y versiones 5.x anteriores a 5.0.1, se ha desconocido vectores de impacto y ataque, posiblemente relacionados con las comprobaciones de sanidad. • http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07%40yahoo-inc.com%3E •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 0CVE-2012-0256
https://notcve.org/view.php?id=CVE-2012-0256
26 Mar 2012 — Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. Apache Traffic Server v2.0.x y v3.0.x anteriores a v3.0.4 y v3.1.x anteriores a v3.1.3 no posiciona de forma adecuada la memoria dinámica, lo que permite a atacantes remotos provocar una denegación del servicio (caída del demonio) a través de una cabecera larga HTTP Host. • http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 1%CPEs: 3EXPL: 0CVE-2010-2952
https://notcve.org/view.php?id=CVE-2010-2952
13 Sep 2010 — Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response. Apache Traffic Server antes de v2.0.1, y v2.1.x antes de v2.1.2-unstable, no escoge adecuadamente los puertos de origen y las IDs de transacción y tampoco usa adecuadamente los campos de consulta de DNS ... • http://secunia.com/advisories/41356 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2002-1013 – Inktomi Traffic Server 4/5 - Traffic_Manager Path Argument Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1013
04 Oct 2002 — Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument. • https://www.exploit-db.com/exploits/21580 •