Vulnerabilities > Apache > Traffic Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-33934 Unspecified vulnerability in Apache Traffic Server
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.
network
low complexity
apache
critical
9.1
2021-11-03 CVE-2021-43082 Classic Buffer Overflow vulnerability in Apache Traffic Server
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory.
network
low complexity
apache CWE-120
critical
9.8
2021-06-30 CVE-2021-35474 Out-of-bounds Write vulnerability in multiple products
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.
network
low complexity
apache debian CWE-787
critical
9.8
2020-03-23 CVE-2019-17559 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and scheme parsing.
network
low complexity
apache debian CWE-444
critical
9.8
2020-03-23 CVE-2019-17565 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding.
network
low complexity
apache debian CWE-444
critical
9.8
2020-03-23 CVE-2020-1944 HTTP Request Smuggling vulnerability in multiple products
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers.
network
low complexity
apache debian CWE-444
critical
9.8
2017-10-30 CVE-2014-3624 Improper Access Control vulnerability in Apache Traffic Server 5.1.0
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
network
low complexity
apache CWE-284
critical
9.8
2017-10-30 CVE-2015-3249 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Traffic Server 5.3.0
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.
network
low complexity
apache CWE-119
critical
9.8
2017-09-13 CVE-2015-5168 Unspecified vulnerability in Apache Traffic Server 5.3.0/5.3.1
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.
network
low complexity
apache
critical
9.8
2017-09-13 CVE-2015-5206 Unspecified vulnerability in Apache Traffic Server 5.3.0/5.3.1
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.
network
low complexity
apache
critical
9.8