CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0CVE-2019-10079
https://notcve.org/view.php?id=CVE-2019-10079
22 Oct 2019 — Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions. Apache Traffic Server es vulnerable a los ataques de inundación de la configuración HTTP/2. Las versiones anteriores de Apache Traffic Server no limitaban el número de tramas de configuración enviadas desde el cliente utilizando el ... • https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04%40%3Cusers.trafficserver.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 2%CPEs: 10EXPL: 0CVE-2017-5660 – Debian Security Advisory 4128-1
https://notcve.org/view.php?id=CVE-2017-5660
27 Feb 2018 — There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can have issues when interacting with upstream proxies and the wrong host being used. Hay una vulnerabilidad en Apache Traffic Server (ATS) en versiones 6.2.0 y anteriores y versiones 7.0.0 y anteriores con la cabecera Host y el plegado de líneas. Esto puede provocar problemas al interactuar con proxies ascendentes empleando el host erróneo. Several vulnerabilities were dis... • https://lists.apache.org/thread.html/22d84783d94c53a5132ec89f002fe5165c87561a9428bcb6713b3c98%40%3Cdev.trafficserver.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3624
https://notcve.org/view.php?id=CVE-2014-3624
30 Oct 2017 — Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. Apache Traffic Server en versiones 5.1.x anteriores a la 5.1.1 permite que atacantes remotos omitan las restricciones de acceso aprovechando el error a la hora de crear un canal seguro para las peticiones de reasignación empleando CONNECT. • http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231749.2E3561043F%40minotaur.apache.org%3E • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5659
https://notcve.org/view.php?id=CVE-2017-5659
17 Apr 2017 — Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Apache Traffic Server en versiones anteriores a 6.2.1 genera un volcado de memoria cuando hay una falta de coincidencia entre la longitud del contenido y la codificación en fragmentos. • http://www.securityfocus.com/bid/97949 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2014-10022
https://notcve.org/view.php?id=CVE-2014-10022
13 Jan 2015 — Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. Apache Traffic Server anterior a 5.1.2 permite a atacantes remotos causar una denegación de servicio a través de vectores no especificados, relacionado con el tamaño de buffers internos. • http://mail-archives.apache.org/mod_mbox/trafficserver-users/201412.mbox/browser • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2002-1013 – Inktomi Traffic Server 4/5 - Traffic_Manager Path Argument Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1013
04 Oct 2002 — Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument. • https://www.exploit-db.com/exploits/21580 •