CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-28129 – Insufficient Validation of HTTP/1.x Headers
https://notcve.org/view.php?id=CVE-2022-28129
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis del encabezado HTTP/1.1 de Apache Traffic Server permite a un atacante enviar encabezados no válidos. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31778 – Transfer-Encoding not treated as hop-by-hop
https://notcve.org/view.php?id=CVE-2022-31778
Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el manejo de el encabezado Transfer-Encoding de Apache Traffic Server permite a un atacante envenenar la caché. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.0.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/04/msg00007.html https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37150 – Protocol vs scheme mismatch
https://notcve.org/view.php?id=CVE-2021-37150
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el análisis de encabezados de Apache Traffic Server permite a un atacante solicitar recursos seguros. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-31780 – HTTP/2 framing vulnerabilities
https://notcve.org/view.php?id=CVE-2022-31780
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. Una vulnerabilidad de Comprobación de Entrada Inapropiada en el manejo de tramas HTTP/2 de Apache Traffic Server permite a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 9.1.2 • https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A https://www.debian.org/security/2022/dsa-5206 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-44759 – Improper authentication vulnerability in TLS origin verification
https://notcve.org/view.php?id=CVE-2021-44759
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0. Una vulnerabilidad de autenticación inapropiada en la comprobación de origen TLS de Apache Traffic Server permite a un atacante crear un ataque de tipo man in the middle. Este problema afecta a Apache Traffic Server versiones 8.0.0 a 8.1.0 • https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6 https://www.debian.org/security/2022/dsa-5153 • CWE-287: Improper Authentication •