Traffic Server
CVE-2014-3525
CRITICAL
Severity by source
AV:N/AC:L/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
AnalysisAI
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. Affected products include: Apache Traffic Server. Version information: through 3.2.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Traffic Server
View allThe HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unkn
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown imp
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Ap
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0
There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling at
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.2.1. Rated critical severity
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.0.0 th
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle a
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked enco
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. Rated high severity (CVSS 7.5), this vulnerab
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today