Vulnerabilities > Apache > Traffic Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-07 | CVE-2018-11783 | Information Exposure vulnerability in Apache Traffic Server sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. | 7.5 |
| 2018-08-29 | CVE-2018-8040 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. | 5.3 |
| 2018-08-29 | CVE-2018-8022 | Improper Input Validation vulnerability in Apache Traffic Server A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. | 7.5 |
| 2018-08-29 | CVE-2018-8005 | Resource Exhaustion vulnerability in multiple products When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. | 5.3 |
| 2018-08-29 | CVE-2018-8004 | HTTP Request Smuggling vulnerability in multiple products There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). | 6.5 |
| 2018-08-29 | CVE-2018-1318 | Improper Input Validation vulnerability in multiple products Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. | 7.5 |
| 2018-02-27 | CVE-2017-7671 | Improper Input Validation vulnerability in multiple products There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. | 7.5 |
| 2018-02-27 | CVE-2017-5660 | Improper Input Validation vulnerability in multiple products There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. | 8.6 |
| 2017-10-30 | CVE-2015-3249 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Traffic Server 5.3.0 The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function. | 9.8 |
| 2017-10-30 | CVE-2014-3624 | Improper Access Control vulnerability in Apache Traffic Server 5.1.0 Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. | 9.8 |