CVE-2020-17509
https://notcve.org/view.php?id=CVE-2020-17509
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. La opción de caché negativa de Apache Traffic Server es vulnerable a un ataque de envenenamiento de caché afectando a versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.10 y versiones 8.0.0 hasta 8.0.7. Si posee esta opción habilitada, actualice o deshabilite esta función • https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2020-17508
https://notcve.org/view.php?id=CVE-2020-17508
The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. El plugin ESI en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.11 y versiones 8.0.0 hasta 8.1.0, presenta una vulnerabilidad de divulgación de la memoria. Si está ejecutando el plugin, favor actualice a versión 7.1.12 o 8.1.1 o posterior • https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cannounce.trafficserver.apache.org%3E •
CVE-2020-9494
https://notcve.org/view.php?id=CVE-2020-9494
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. Apache Traffic Server versiones 6.0.0 hasta 6.2.3, 7.0.0 hasta 7.1.10 y 8.0.0 hasta 8.0.7, es vulnerable a determinados tipos de tramas HTTP/2 HEADERS que pueden causar que el servidor asigne una gran cantidad de memoria y girar el subproceso o hilo • http://www.openwall.com/lists/oss-security/2021/03/01/2 https://lists.apache.org/thread.html/rf7f86917f42fdaf904d99560cba0c016e03baea6244c47efeb60ecbe%40%3Cdev.trafficserver.apache.org%3E https://www.debian.org/security/2020/dsa-4710 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2020-9481
https://notcve.org/view.php?id=CVE-2020-9481
Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Apache ATS versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta la versión 7.1.9 y versiones 8.0.0 hasta 8.0.6, es vulnerable a un ataque de lectura lenta de HTTP/2. • https://lists.apache.org/thread.html/r21ddaf0a4a973f3c43c7ff399ae50d2f858f13f87bd6a9551c5cf6db%40%3Cannounce.trafficserver.apache.org%3E https://www.debian.org/security/2020/dsa-4672 • CWE-400: Uncontrolled Resource Consumption •
CVE-2020-1944
https://notcve.org/view.php?id=CVE-2020-1944
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Upgrade to versions 7.1.9 and 8.0.6 or later versions. Se presenta una vulnerabilidad en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.8 y versiones 8.0.0 hasta 8.0.5, con un ataque de tráfico no autorizado y encabezados Transfer-Encoding y Content Length. Actualice a las versiones 7.1.9 y 8.0.6 o versiones posteriores. • https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E https://www.debian.org/security/2020/dsa-4672 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •