Vulnerabilities > Apache > Traffic Server > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-03 CVE-2021-37148 Improper Input Validation vulnerability in multiple products
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-11-03 CVE-2021-37149 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-11-03 CVE-2021-38161 Improper Authentication vulnerability in multiple products
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.
network
high complexity
apache debian CWE-287
8.1
8.1
2021-11-03 CVE-2021-41585 Improper Input Validation vulnerability in Apache Traffic Server
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections.
network
low complexity
apache CWE-20
7.5
7.5
2021-06-30 CVE-2021-32566 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-06-30 CVE-2021-32567 Improper Input Validation vulnerability in multiple products
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.
network
low complexity
apache debian CWE-20
7.5
7.5
2021-06-29 CVE-2021-27577 HTTP Request Smuggling vulnerability in multiple products
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache.
network
low complexity
apache debian CWE-444
7.5
7.5
2021-06-29 CVE-2021-32565 HTTP Request Smuggling vulnerability in multiple products
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests.
network
low complexity
apache debian CWE-444
7.5
7.5
2021-05-14 CVE-2021-27737 Unspecified vulnerability in Apache Traffic Server 9.0.0
Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.
network
low complexity
apache
7.5
7.5
2021-01-11 CVE-2020-17509 HTTP Request Smuggling vulnerability in Apache Traffic Server
ATS negative cache option is vulnerable to a cache poisoning attack.
network
low complexity
apache CWE-444
7.5
7.5