Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache traffic server vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2022-33684
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an malicious user to perform a man in the middle attac...
Apache Pulsar
8.1
CVSSv3
CVE-2021-44759
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an malicious user to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.
Apache Traffic Server
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.1
CVSSv3
CVE-2021-38161
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.
Apache Traffic Server
Debian Debian Linux 10.0
Debian Debian Linux 11.0
8.1
CVSSv3
CVE-2016-5388
Apache Tomcat 7.x up to and including 7.0.70 and 8.x up to and including 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which mi...
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Hpc Node 7.0
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Hpc Node Eus 7.2
Hp System Management Homepage
Redhat Enterprise Linux Hpc Node 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Oracle Linux 6
Oracle Linux 7
Apache Tomcat
1 Article
7.5
CVSSv3
CVE-2023-41752
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 up to and including 8.1.8, from 9.0.0 up to and including 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, whic...
Apache Traffic Server
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.5
CVSSv3
CVE-2023-39456
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 up to and including 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.
Apache Traffic Server
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
7.5
CVSSv3
CVE-2022-47185
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: up to and including 9.2.1.
Apache Traffic Server
7.5
CVSSv3
CVE-2023-30631
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects A...
Apache Traffic Server
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Fedoraproject Fedora 37
Fedoraproject Fedora 38
7.5
CVSSv3
CVE-2023-33933
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 up to and including 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrad...
Apache Traffic Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »