Vulnerabilities > Apache > Traffic Server

DATE CVE VULNERABILITY TITLE RISK
2024-11-20 CVE-2018-9481 Integer Overflow or Wraparound vulnerability in multiple products
In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow.
low complexity
google apache CWE-190
6.5
2024-07-26 CVE-2023-38522 Unspecified vulnerability in Apache Traffic Server
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers.
network
low complexity
apache
7.5
2024-07-26 CVE-2024-35161 Unspecified vulnerability in Apache Traffic Server
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers.
network
low complexity
apache
7.5
2024-07-26 CVE-2024-35296 Unspecified vulnerability in Apache Traffic Server
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
network
low complexity
apache
8.2
2023-10-17 CVE-2023-39456 Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.
network
low complexity
apache fedoraproject
7.5
2023-10-17 CVE-2023-41752 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
network
low complexity
apache fedoraproject
7.5
2023-10-10 CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. 7.5
2023-08-09 CVE-2022-47185 Unspecified vulnerability in Apache Traffic Server
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
network
low complexity
apache
7.5
2023-08-09 CVE-2023-33934 Unspecified vulnerability in Apache Traffic Server
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
network
low complexity
apache
critical
9.1
2023-06-14 CVE-2022-47184 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.
network
low complexity
apache debian
7.5