Page 6 of 46 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Una vulnerabilidad de comprobación inapropiada de entrada en HTTP/2 de Apache Traffic Server, permite a un atacante realizar un DOS en el servidor. Este problema afecta a Apache Traffic Server versiones 7.0.0 hasta 7.1.12, versiones 8.0.0 hasta 8.1.1, versiones 9.0.0 hasta 9.0.1 • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E https://www.debian.org/security/2021/dsa-4957 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Una vulnerabilidad de comprobación inapropiada de entrada en HTTP/2 de Apache Traffic Server, permite a un atacante realizar un DOS en el servidor. Este problema afecta a Apache Traffic Server versiones 7.0.0 hasta 7.1.12, versiones 8.0.0 hasta 8.1.1, versiones 9.0.0 hasta 9.0.1 • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E https://www.debian.org/security/2021/dsa-4957 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Unos valores no válidos en la cabecera Content-Length enviada a Apache Traffic Server, permiten a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 7.0.0 hasta 7.1.12, versiones 8.0.0 hasta 8.1.1, versiones 9.0.0 hasta 9.0.1 • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E https://www.debian.org/security/2021/dsa-4957 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Una vulnerabilidad de manejo incorrecto de fragmentos de url de Apache Traffic Server, permite a un atacante envenenar la caché. Este problema afecta a Apache Traffic Server versiones 7.0.0 hasta 7.1.12, versiones 8.0.0 hasta 8.1.1, versiones 9.0.0 hasta 9.0.1 • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E https://www.debian.org/security/2021/dsa-4957 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. La opción de caché negativa de Apache Traffic Server es vulnerable a un ataque de envenenamiento de caché afectando a versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.10 y versiones 8.0.0 hasta 8.0.7. Si posee esta opción habilitada, actualice o deshabilite esta función • https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •