Vulnerabilities > Apache > Traffic Server > 7.1.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-30 | CVE-2021-32566 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. | 5.0 |
2021-06-30 | CVE-2021-32567 | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. | 5.0 |
2021-06-30 | CVE-2021-35474 | Out-of-bounds Write vulnerability in multiple products Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. | 7.5 |
2021-06-29 | CVE-2021-27577 | HTTP Request Smuggling vulnerability in multiple products Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. | 5.0 |
2021-06-29 | CVE-2021-32565 | HTTP Request Smuggling vulnerability in multiple products Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. | 5.0 |
2021-01-11 | CVE-2020-17509 | HTTP Request Smuggling vulnerability in Apache Traffic Server ATS negative cache option is vulnerable to a cache poisoning attack. | 4.3 |
2021-01-11 | CVE-2020-17508 | Information Exposure vulnerability in Apache Traffic Server The ATS ESI plugin has a memory disclosure vulnerability. | 5.0 |
2020-06-24 | CVE-2020-9494 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. | 5.0 |
2020-04-27 | CVE-2020-9481 | Resource Exhaustion vulnerability in multiple products Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. | 5.0 |
2020-03-23 | CVE-2020-1944 | HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. | 9.8 |