Product: Traffic_server (Apache)
Repositories

Unknown: This might be proprietary software.

#Vulnerabilities 69
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-13 | CVE-2019-9512 | Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | Traffic_server, Swiftnio, Debian_linux, Node.js | 7.5 | | |
| 2019-10-22 | CVE-2019-10079 | Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions. | Traffic_server | 7.5 | | |
| 2020-03-23 | CVE-2019-17559 | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | Traffic_server, Debian_linux | 9.8 | | |
| 2020-03-23 | CVE-2019-17565 | There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions. | Traffic_server, Debian_linux | 9.8 | | |
| 2017-04-17 | CVE-2017-5659 | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | Traffic_server | 7.5 | | |
| 2017-04-17 | CVE-2016-5396 | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | Traffic_server | 7.5 | | |
| 2015-01-13 | CVE-2014-10022 | Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. | Traffic_server | N/A | | |
| 2012-03-26 | CVE-2012-0256 | Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. | Traffic_server | N/A | | |
| 2010-09-13 | CVE-2010-2952 | Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response. | Traffic_server | N/A | | |