Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache traffic server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-8022
A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.
Apache Traffic Server
7.5
CVSSv3
CVE-2022-47185
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: up to and including 9.2.1.
Apache Traffic Server
7.5
CVSSv3
CVE-2020-17509
ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.
Apache Traffic Server
7.5
CVSSv3
CVE-2021-41585
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an malicious user to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.
Apache Traffic Server
5.3
CVSSv3
CVE-2022-37392
Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Apache Traffic Server
7.5
CVSSv3
CVE-2023-33933
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 up to and including 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrad...
Apache Traffic Server
9.1
CVSSv3
CVE-2023-33934
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: up to and including 9.2.1.
Apache Traffic Server
9.8
CVSSv3
CVE-2021-43082
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an malicious user to overwrite memory. This issue affects Apache Traffic Server 9.1.0.
Apache Traffic Server
7.5
CVSSv3
CVE-2017-5659
Apache Traffic Server prior to 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
Apache Traffic Server
7.5
CVSSv3
CVE-2018-11783
sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem exists in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1....
Apache Traffic Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »