CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2020-17509 – Debian Security Advisory 4805-1
https://notcve.org/view.php?id=CVE-2020-17509
28 Dec 2020 — ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. La opción de caché negativa de Apache Traffic Server es vulnerable a un ataque de envenenamiento de caché afectando a versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.10 y versiones 8.0.0 hasta 8.0.7. Si posee esta opción habilitada, actualice o deshabilite esta función Two vuln... • https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-9494 – Debian Security Advisory 4710-1
https://notcve.org/view.php?id=CVE-2020-9494
24 Jun 2020 — Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. Apache Traffic Server versiones 6.0.0 hasta 6.2.3, 7.0.0 hasta 7.1.10 y 8.0.0 hasta 8.0.7, es vulnerable a determinados tipos de tramas HTTP/2 HEADERS que pueden causar que el servidor asigne una gran cantidad de memoria y girar el subproceso o hilo A vulnerability was discovered in Apache Traffic... • http://www.openwall.com/lists/oss-security/2021/03/01/2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2020-9481 – Debian Security Advisory 4672-1
https://notcve.org/view.php?id=CVE-2020-9481
27 Apr 2020 — Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Apache ATS versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta la versión 7.1.9 y versiones 8.0.0 hasta 8.0.6, es vulnerable a un ataque de lectura lenta de HTTP/2. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling attacks. • https://lists.apache.org/thread.html/r21ddaf0a4a973f3c43c7ff399ae50d2f858f13f87bd6a9551c5cf6db%40%3Cannounce.trafficserver.apache.org%3E • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2020-1944 – Debian Security Advisory 4672-1
https://notcve.org/view.php?id=CVE-2020-1944
23 Mar 2020 — There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. Se presenta una vulnerabilidad en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.8 y versiones 8.0.0 hasta 8.0.5, con un ataque de tráfico no autorizado y encabezados Transfer-Encoding y Content Length. Actualice a las versiones 7.1.9 y 8.0.6 o version... • https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-17559 – Debian Security Advisory 4672-1
https://notcve.org/view.php?id=CVE-2019-17559
23 Mar 2020 — There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. Se presenta una vulnerabilidad en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.8 y versiones 8.0.0 hasta 8.0.5, con un ataque de tráfico no autorizado y análisis de esquemas. Actualice a las versiones 7.1.9 y 8.0.6 o versiones posteriores. Several vulnerabilities were discovered ... • https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-17565 – Debian Security Advisory 4672-1
https://notcve.org/view.php?id=CVE-2019-17565
23 Mar 2020 — There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. Se presenta una vulnerabilidad en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.8 y versiones 8.0.0 hasta 8.0.5, con un ataque de tráfico no autorizado y codificación fragmentada. Actualice a las versiones 7.1.9 y 8.0.6 o versiones posteriores. Several vulnerabilities were disco... • https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0CVE-2019-10079
https://notcve.org/view.php?id=CVE-2019-10079
22 Oct 2019 — Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions. Apache Traffic Server es vulnerable a los ataques de inundación de la configuración HTTP/2. Las versiones anteriores de Apache Traffic Server no limitaban el número de tramas de configuración enviadas desde el cliente utilizando el ... • https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 20%CPEs: 39EXPL: 1CVE-2019-9511 – Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9511
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Algunas implementaciones de HTTP / 2 son vulnerables a la manip... • https://github.com/flyniu666/ingress-nginx-0.21-1.19.5 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 3%CPEs: 42EXPL: 0CVE-2019-9513 – Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9513
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. Algunas implementaciones de HTTP / 2 son vulnerables a los bucles de recursos, lo que puede conducir a una denegación de servicio. El atacante crea múltiples flujos de solicitud y baraja continuamente la prioridad de ... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 2%CPEs: 44EXPL: 0CVE-2019-9515 – Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service
https://notcve.org/view.php?id=CVE-2019-9515
13 Aug 2019 — Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. Algunas implementaciones de HTTP / 2 son vulnerables a una inundación de configuraciones, lo... • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •