Vulnerabilities > Apache > Traffic Server > 6.0.3

DATE CVE VULNERABILITY TITLE RISK
2024-11-20 CVE-2018-9481 Integer Overflow or Wraparound vulnerability in multiple products
In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow.
low complexity
google apache CWE-190
6.5
6.5
2021-01-11 CVE-2020-17509 HTTP Request Smuggling vulnerability in Apache Traffic Server
ATS negative cache option is vulnerable to a cache poisoning attack.
network
low complexity
apache CWE-444
7.5
7.5
2021-01-11 CVE-2020-17508 Unspecified vulnerability in Apache Traffic Server
The ATS ESI plugin has a memory disclosure vulnerability.
network
low complexity
apache
7.5
7.5
2020-06-24 CVE-2020-9494 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.
network
low complexity
apache debian CWE-770
7.5
7.5
2020-04-27 CVE-2020-9481 Resource Exhaustion vulnerability in multiple products
Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack.
network
low complexity
apache debian CWE-400
7.5
7.5
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2020-03-23 CVE-2019-17559 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing.
network
low complexity
apache debian CWE-444
critical
 9.8
9.8
2019-10-22 CVE-2019-10079 Allocation of Resources Without Limits or Throttling vulnerability in Apache Traffic Server
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks.
network
low complexity
apache CWE-770
7.5
7.5
2019-08-13 CVE-2019-9518 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. 		7.5
7.5