Vulnerabilities > Apache > Traffic Server > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-09 | CVE-2023-33934 | HTTP Request Smuggling vulnerability in Apache Traffic Server Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1. | 9.1 |
| 2021-11-03 | CVE-2021-43082 | Classic Buffer Overflow vulnerability in Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. | 9.8 |
| 2021-06-30 | CVE-2021-35474 | Out-of-bounds Write vulnerability in multiple products Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. | 9.8 |
| 2020-03-23 | CVE-2019-17559 | HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing. | 9.8 |
| 2020-03-23 | CVE-2019-17565 | HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. | 9.8 |
| 2020-03-23 | CVE-2020-1944 | HTTP Request Smuggling vulnerability in multiple products There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. | 9.8 |
| 2017-10-30 | CVE-2014-3624 | Improper Access Control vulnerability in Apache Traffic Server 5.1.0 Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. | 9.8 |
| 2017-10-30 | CVE-2015-3249 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Traffic Server 5.3.0 The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function. | 9.8 |
| 2017-09-13 | CVE-2015-5168 | Unspecified vulnerability in Apache Traffic Server 5.3.0/5.3.1 Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. | 9.8 |
| 2017-09-13 | CVE-2015-5206 | Unspecified vulnerability in Apache Traffic Server 5.3.0/5.3.1 Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. | 9.8 |