Product:

Traefik

(Traefik)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 16
Date Id Summary Products Score Patch Annotated
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Http_server, Opensearch_data_prepper, Apisix, Solr, Tomcat, Traffic_server, Swiftnio_http\/2, Caddy, Connected_mobile_experiences, Crosswork_data_gateway, Crosswork_zero_touch_provisioning, Data_center_network_manager, Enterprise_chat_and_email, Expressway, Firepower_threat_defense, Fog_director, Ios_xe, Ios_xr, Iot_field_network_director, Nx\-Os, Prime_access_registrar, Prime_cable_provisioning, Prime_infrastructure, Prime_network_registrar, Secure_dynamic_attributes_connector, Secure_malware_analytics, Secure_web_appliance_firmware, Telepresence_video_communication_server, Ultra_cloud_core_\-_policy_control_function, Ultra_cloud_core_\-_serving_gateway_function, Ultra_cloud_core_\-_session_management_function, Unified_attendant_console_advanced, Unified_contact_center_domain_manager, Unified_contact_center_enterprise, Unified_contact_center_enterprise_\-_live_data_server, Unified_contact_center_management_portal, Debian_linux, H2o, Jetty, Envoy, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_advanced_web_application_firewall, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_application_visibility_and_reporting, Big\-Ip_carrier\-Grade_nat, Big\-Ip_ddos_hybrid_defender, Big\-Ip_domain_name_system, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_next, Big\-Ip_next_service_proxy_for_kubernetes, Big\-Ip_policy_enforcement_manager, Big\-Ip_ssl_orchestrator, Big\-Ip_webaccelerator, Big\-Ip_websafe, Nginx, Nginx_ingress_controller, Nginx_plus, Proxygen, Fedora, Go, Http2, Networking, Grpc, Http, Istio, Jenkins, Http2, Kong_gateway, Armeria, Linkerd, \.net, Asp\.net_core, Azure_kubernetes_service, Cbl\-Mariner, Visual_studio_2022, Windows_10_1607, Windows_10_1809, Windows_10_21h2, Windows_10_22h2, Windows_11_21h2, Windows_11_22h2, Windows_server_2016, Windows_server_2019, Windows_server_2022, Astra_control_center, Oncommand_insight, Netty, Nghttp2, Node\.js, Openresty, Contour, 3scale_api_management_platform, Advanced_cluster_management_for_kubernetes, Advanced_cluster_security, Ansible_automation_platform, Build_of_optaplanner, Build_of_quarkus, Ceph_storage, Cert\-Manager_operator_for_red_hat_openshift, Certification_for_red_hat_enterprise_linux, Cost_management, Cryostat, Decision_manager, Enterprise_linux, Fence_agents_remediation_operator, Integration_camel_for_spring_boot, Integration_camel_k, Integration_service_registry, Jboss_a\-Mq, Jboss_a\-Mq_streams, Jboss_core_services, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Logging_subsystem_for_red_hat_openshift, Machine_deletion_remediation_operator, Migration_toolkit_for_applications, Migration_toolkit_for_containers, Migration_toolkit_for_virtualization, Network_observability_operator, Node_healthcheck_operator, Node_maintenance_operator, Openshift, Openshift_api_for_data_protection, Openshift_container_platform, Openshift_container_platform_assisted_installer, Openshift_data_science, Openshift_dev_spaces, Openshift_developer_tools_and_services, Openshift_distributed_tracing, Openshift_gitops, Openshift_pipelines, Openshift_sandboxed_containers, Openshift_secondary_scheduler_operator, Openshift_serverless, Openshift_service_mesh, Openshift_virtualization, Openstack_platform, Process_automation, Quay, Run_once_duration_override_operator, Satellite, Self_node_remediation_operator, Service_interconnect, Service_telemetry_framework, Single_sign\-On, Support_for_spring_boot, Web_terminal, Traefik, Varnish_cache 7.5
2020-03-16 CVE-2020-9321 configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging. Traefik 7.5
2020-07-30 CVE-2020-15129 In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely... Traefik 4.7
2021-08-03 CVE-2021-32813 Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain... Traefik 8.1
2022-02-17 CVE-2022-23632 Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls back to the default... Communications_unified_inventory_management, Traefik 7.5
2022-10-11 CVE-2022-39271 Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds. Traefik 7.5