Vulnerabilities > Apache > Traffic Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-26 | CVE-2023-38522 | HTTP Request Smuggling vulnerability in Apache Traffic Server Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. | 7.5 |
| 2024-07-26 | CVE-2024-35161 | HTTP Request Smuggling vulnerability in Apache Traffic Server Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. | 7.5 |
| 2024-07-26 | CVE-2024-35296 | Unspecified vulnerability in Apache Traffic Server Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. | 8.2 |
| 2023-10-17 | CVE-2023-39456 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue. | 7.5 |
| 2023-10-17 | CVE-2023-41752 | Information Exposure vulnerability in multiple products Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue. | 7.5 |
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2023-08-09 | CVE-2022-47185 | Improper Input Validation vulnerability in Apache Traffic Server Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1. | 7.5 |
| 2023-08-09 | CVE-2023-33934 | HTTP Request Smuggling vulnerability in Apache Traffic Server Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1. | 9.1 |
| 2023-06-14 | CVE-2022-47184 | Information Exposure vulnerability in multiple products Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0. | 7.5 |
| 2023-06-14 | CVE-2023-30631 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.push_method_enabled didn't function. However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions | 7.5 |