Search CVE reports
11 – 20 of 74 results
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are...
1 affected package
trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache...
1 affected package
trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new...
1 affected package
trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 29 of 42
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
13 affected packages
haproxy, tomcat10, tomcat9, trafficserver, h2o...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| haproxy | Not affected | Not affected | Not affected | Fixed |
| tomcat10 | Not affected | Not in release | Not in release | Ignored |
| tomcat9 | Not affected | Fixed | Fixed | Fixed |
| trafficserver | Not affected | Fixed | Fixed | Not affected |
| h2o | Not affected | Not affected | Not affected | Fixed |
| tomcat8 | Not in release | Not in release | Not in release | Fixed |
| dotnet6 | Not in release | Fixed | Not in release | Not in release |
| dotnet7 | Not in release | Fixed | Not in release | Not in release |
| dotnet8 | Fixed | Not affected | Not in release | Not in release |
| nginx | Not affected | Not affected | Not affected | Not affected |
| nghttp2 | Not affected | Fixed | Fixed | Fixed |
| nodejs | Not affected | Fixed | Fixed | Fixed |
| netty | Not affected | Fixed | Fixed | Not affected |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to...
1 affected package
trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.
1 affected package
trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin...
1 affected package
trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
1 affected package
trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or...
1 affected package
trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the...
1 affected package
trafficserver
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |