CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 10%CPEs: 4EXPL: 0CVE-2021-35474 – Dynamic stack buffer overflow in cachekey plugin
https://notcve.org/view.php?id=CVE-2021-35474
30 Jun 2021 — Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en el plugin cachekey de Apache Traffic Server. Este problema afecta a Apache Traffic Server 7.0.0 a 7.1.12, 8.0.0 a 8.1.1, 9.0.0 a 9.0.1 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could res... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0CVE-2021-32567 – Reading HTTP/2 frames too many times
https://notcve.org/view.php?id=CVE-2021-32567
30 Jun 2021 — Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Una vulnerabilidad de comprobación inapropiada de entrada en HTTP/2 de Apache Traffic Server, permite a un atacante realizar un DOS en el servidor. Este problema afecta a Apache Traffic Server versiones 7.0.0 hasta 7.1.12, versiones 8.0.0 hasta 8.1.1, versiones 9.0.0 hasta 9.0.1 Several vulnerabilities were ... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 6%CPEs: 4EXPL: 0CVE-2021-32566 – Specific sequence of HTTP/2 frames can cause ATS to crash
https://notcve.org/view.php?id=CVE-2021-32566
30 Jun 2021 — Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Una vulnerabilidad de comprobación inapropiada de entrada en HTTP/2 de Apache Traffic Server, permite a un atacante realizar un DOS en el servidor. Este problema afecta a Apache Traffic Server versiones 7.0.0 hasta 7.1.12, versiones 8.0.0 hasta 8.1.1, versiones 9.0.0 hasta 9.0.1 Several vulnerabilities were ... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 13%CPEs: 4EXPL: 0CVE-2021-32565 – HTTP Request Smuggling, content length with invalid charters
https://notcve.org/view.php?id=CVE-2021-32565
29 Jun 2021 — Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Unos valores no válidos en la cabecera Content-Length enviada a Apache Traffic Server, permiten a un atacante contrabandear peticiones. Este problema afecta a Apache Traffic Server versiones 7.0.0 hasta 7.1.12, versiones 8.0.0 hasta 8.1.1, versiones 9.0.0 hasta 9.0.1 Several vulnerabilities were discovered ... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2021-27577 – Incorrect handling of url fragment leads to cache poisoning
https://notcve.org/view.php?id=CVE-2021-27577
29 Jun 2021 — Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Una vulnerabilidad de manejo incorrecto de fragmentos de url de Apache Traffic Server, permite a un atacante envenenar la caché. Este problema afecta a Apache Traffic Server versiones 7.0.0 hasta 7.1.12, versiones 8.0.0 hasta 8.1.1, versiones 9.0.0 hasta 9.0.1 Several vulnerabilities were discovered in Apac... • https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2020-17508 – Debian Security Advisory 4805-1
https://notcve.org/view.php?id=CVE-2020-17508
28 Dec 2020 — The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. El plugin ESI en Apache Traffic Server versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.11 y versiones 8.0.0 hasta 8.1.0, presenta una vulnerabilidad de divulgación de la memoria. Si está ejecutando el plugin, favor actualice a versión 7.1.12 o 8.1.1 o posterior Two vulnerabilities were discovered in Apache Traffic ... • https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cannounce.trafficserver.apache.org%3E •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2020-17509 – Debian Security Advisory 4805-1
https://notcve.org/view.php?id=CVE-2020-17509
28 Dec 2020 — ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. La opción de caché negativa de Apache Traffic Server es vulnerable a un ataque de envenenamiento de caché afectando a versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta 7.1.10 y versiones 8.0.0 hasta 8.0.7. Si posee esta opción habilitada, actualice o deshabilite esta función Two vuln... • https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cannounce.trafficserver.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2020-9494 – Debian Security Advisory 4710-1
https://notcve.org/view.php?id=CVE-2020-9494
24 Jun 2020 — Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. Apache Traffic Server versiones 6.0.0 hasta 6.2.3, 7.0.0 hasta 7.1.10 y 8.0.0 hasta 8.0.7, es vulnerable a determinados tipos de tramas HTTP/2 HEADERS que pueden causar que el servidor asigne una gran cantidad de memoria y girar el subproceso o hilo A vulnerability was discovered in Apache Traffic... • http://www.openwall.com/lists/oss-security/2021/03/01/2 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2020-9481 – Debian Security Advisory 4672-1
https://notcve.org/view.php?id=CVE-2020-9481
27 Apr 2020 — Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Apache ATS versiones 6.0.0 hasta 6.2.3, versiones 7.0.0 hasta la versión 7.1.9 y versiones 8.0.0 hasta 8.0.6, es vulnerable a un ataque de lectura lenta de HTTP/2. Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling attacks. • https://lists.apache.org/thread.html/r21ddaf0a4a973f3c43c7ff399ae50d2f858f13f87bd6a9551c5cf6db%40%3Cannounce.trafficserver.apache.org%3E • CWE-400: Uncontrolled Resource Consumption •