CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2021-27577 – Incorrect handling of url fragment leads to cache poisoning
https://notcve.org/view.php?id=CVE-2021-27577
29 Jun 2021 — Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Una vulnerabilidad de manejo incorrecto de fragmentos de url de Apache Traffic Server, permite a un atacante envenenar la caché. Este problema afecta a Apache Traffic Server versiones 7.0.0 hasta 7.1.12, versiones 8.0.0 hasta 8.1.1, versiones 9.0.0 hasta 9.0.1 Several vulnerabilities were discovered in Apac... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 0CVE-2021-27737
https://notcve.org/view.php?id=CVE-2021-27737
14 May 2021 — Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin. Apache Traffic Server versión 9.0.0, es vulnerable a un ataque de tipo DOS remoto en el plugin Slicer experimental • https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2020-17508 – Debian Security Advisory 4805-1
https://notcve.org/view.php?id=CVE-2020-17508
28 Dec 2020 — The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. El plugin ESI en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.11 y versiones 8.0.0 hasta 8.1.0, presenta una vulnerabilidad de divulgación de la memoria. Si está ejecutando el plugin, favor actualice a versión 7.1.12 o 8.1.1 o posterior Two vulnerabilities were discovered in Apache Traffic ... • https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cannounce.trafficserver.apache.org%3E •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2020-17509 – Debian Security Advisory 4805-1
https://notcve.org/view.php?id=CVE-2020-17509
28 Dec 2020 — ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. La opción de caché negativa de Apache Traffic Server es vulnerable a un ataque de envenenamiento de caché afectando a versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.10 y versiones 8.0.0 hasta 8.0.7. Si posee esta opción habilitada, actualice o deshabilite esta función Two vuln... • https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-9494 – Debian Security Advisory 4710-1
https://notcve.org/view.php?id=CVE-2020-9494
24 Jun 2020 — Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. Apache Traffic Server versiones 6.0.0 hasta 6.2.3, 7.0.0 hasta 7.1.10 y 8.0.0 hasta 8.0.7, es vulnerable a determinados tipos de tramas HTTP/2 HEADERS que pueden causar que el servidor asigne una gran cantidad de memoria y girar el subproceso o hilo A vulnerability was discovered in Apache Traffic... • http://www.openwall.com/lists/oss-security/2021/03/01/2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2020-9481 – Debian Security Advisory 4672-1
https://notcve.org/view.php?id=CVE-2020-9481
27 Apr 2020 — Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Apache ATS versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta la versión 7.1.9 y versiones 8.0.0 hasta 8.0.6, es vulnerable a un ataque de lectura lenta de HTTP/2. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling attacks. • https://lists.apache.org/thread.html/r21ddaf0a4a973f3c43c7ff399ae50d2f858f13f87bd6a9551c5cf6db%40%3Cannounce.trafficserver.apache.org%3E • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2020-1944 – Debian Security Advisory 4672-1
https://notcve.org/view.php?id=CVE-2020-1944
23 Mar 2020 — There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. Se presenta una vulnerabilidad en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.8 y versiones 8.0.0 hasta 8.0.5, con un ataque de tráfico no autorizado y encabezados Transfer-Encoding y Content Length. Actualice a las versiones 7.1.9 y 8.0.6 o version... • https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-17559 – Debian Security Advisory 4672-1
https://notcve.org/view.php?id=CVE-2019-17559
23 Mar 2020 — There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. Se presenta una vulnerabilidad en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.8 y versiones 8.0.0 hasta 8.0.5, con un ataque de tráfico no autorizado y análisis de esquemas. Actualice a las versiones 7.1.9 y 8.0.6 o versiones posteriores. Several vulnerabilities were discovered ... • https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-17565 – Debian Security Advisory 4672-1
https://notcve.org/view.php?id=CVE-2019-17565
23 Mar 2020 — There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. Se presenta una vulnerabilidad en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.8 y versiones 8.0.0 hasta 8.0.5, con un ataque de tráfico no autorizado y codificación fragmentada. Actualice a las versiones 7.1.9 y 8.0.6 o versiones posteriores. Several vulnerabilities were disco... • https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0CVE-2019-10079
https://notcve.org/view.php?id=CVE-2019-10079
22 Oct 2019 — Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions. Apache Traffic Server es vulnerable a los ataques de inundación de la configuración HTTP/2. Las versiones anteriores de Apache Traffic Server no limitaban el número de tramas de configuración enviadas desde el cliente utilizando el ... • https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •