Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache traffic server vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-41585
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an malicious user to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.
Apache Traffic Server
8.1
CVSSv3
CVE-2021-38161
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.
Apache Traffic Server
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.8
CVSSv3
CVE-2021-3882
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authenticat...
Ledgersmb Ledgersmb
3.7
CVSSv3
CVE-2021-41136
Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the p...
Puma Puma
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv3
CVE-2021-42009
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitr...
Apache Traffic Control
7.5
CVSSv3
CVE-2021-32567
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an malicious user to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Apache Traffic Server
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2021-35474
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Apache Traffic Server
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-32566
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an malicious user to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Apache Traffic Server
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-32565
Invalid values in the Content-Length header sent to Apache Traffic Server allows an malicious user to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Apache Traffic Server
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-27577
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an malicious user to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Apache Traffic Server
Debian Debian Linux 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »