Skip to main content

Traffic Server

60 CVEs product

Monthly

CVE-2025-49763 HIGH PATCH This Week

The ESI (Edge Side Includes) plugin in Apache Traffic Server lacks enforcement of maximum inclusion depth limits, allowing attackers to craft malicious ESI instructions that trigger excessive recursive inclusions and cause denial-of-service through memory exhaustion. This vulnerability affects Apache Traffic Server versions 9.0.0-9.2.10 and 10.0.0-10.0.5, with a CVSS score of 7.5 indicating high availability impact. The vulnerability is remotely exploitable without authentication and can be mitigated by upgrading to patched versions (9.2.11 or 10.0.6) or configuring the new --max-inclusion-depth setting.

Apache Denial Of Service Traffic Server Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-31698 HIGH PATCH This Week

CVE-2025-31698 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Apache Authentication Bypass Traffic Server Red Hat
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-53868 HIGH This Week

Apache Traffic Server allows request smuggling if chunked messages are malformed.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Request Smuggling Traffic Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-56196 MEDIUM This Month

Improper Access Control vulnerability in Apache Traffic Server.0.0 through 10.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Traffic Server
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-56195 MEDIUM This Month

Improper Access Control vulnerability in Apache Traffic Server.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Traffic Server
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2024-38311 MEDIUM This Month

Improper Input Validation vulnerability in Apache Traffic Server.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Traffic Server
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-56202 MEDIUM This Month

Expected Behavior Violation vulnerability in Apache Traffic Server.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Traffic Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-35296 HIGH This Week

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2024-35161 HIGH This Week

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Information Disclosure Traffic Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-41752 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Fedora
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-39456 HIGH This Week

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.0.0 through 9.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Fedora
NVD
CVSS 3.1
7.5
EPSS
53.5%
CVE-2023-33934 CRITICAL Act Now

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.2.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling Traffic Server
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2023-33933 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.0.0 through 9.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-30631 HIGH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2022-40743 MEDIUM This Month

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.0.0 to 9.1.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Traffic Server
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-37392 MEDIUM This Month

Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server.0.0 to 9.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Traffic Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2022-32749 HIGH This Week

Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions.0.0 through 9.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Traffic Server
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2022-31780 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-31779 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-31778 HIGH This Week

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.0.0 to 9.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-28129 HIGH This Week

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-25763 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling Traffic Server Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-43082 CRITICAL PATCH Act Now

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apache Traffic Server
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-41585 HIGH PATCH This Week

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-38161 HIGH PATCH This Week

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.0.0 to 8.0.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Apache Authentication Bypass Traffic Server Debian Linux
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-37149 HIGH PATCH This Week

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-37148 HIGH PATCH This Week

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-37147 HIGH PATCH This Week

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-35474 CRITICAL Act Now

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Stack Overflow Traffic Server Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-32567 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-32566 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-32565 HIGH This Week

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-27577 HIGH This Week

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2021-27737 HIGH This Week

Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2020-9494 HIGH This Week

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-9481 HIGH PATCH This Week

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2020-1944 CRITICAL Act Now

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-10079 HIGH This Week

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Traffic Server
NVD
CVSS 3.1
7.5
EPSS
4.6%
CVE-2019-9518 HIGH This Week

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +14
NVD GitHub
CVSS 3.1
7.5
EPSS
25.4%
CVE-2019-9517 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Http Server Traffic Server Ubuntu Linux +19
NVD GitHub
CVSS 3.1
7.5
EPSS
27.0%
CVE-2019-9516 MEDIUM This Month

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +15
NVD GitHub
CVSS 3.1
6.5
EPSS
56.3%
CVE-2019-9515 HIGH This Week

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +18
NVD GitHub
CVSS 3.1
7.5
EPSS
87.8%
CVE-2019-9514 Go HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Debian Linux Ubuntu Linux +24
NVD GitHub
CVSS 3.1
7.5
EPSS
82.8%
CVE-2019-9513 HIGH This Week

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +16
NVD GitHub
CVSS 3.1
7.5
EPSS
82.0%
CVE-2019-9512 Go HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server Debian Linux Node Js
NVD GitHub
CVSS 3.1
7.5
EPSS
83.4%
CVE-2019-9511 HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Traffic Server Ubuntu Linux Debian Linux +16
NVD GitHub
CVSS 3.1
7.5
EPSS
58.4%
CVE-2018-8040 MEDIUM PATCH This Month

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Information Disclosure Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
8.6%
CVE-2018-8022 HIGH PATCH This Week

A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD GitHub
CVSS 3.0
7.5
EPSS
7.5%
CVE-2018-8005 MEDIUM This Month

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
6.9%
CVE-2018-8004 MEDIUM PATCH This Month

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Apache Information Disclosure Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
6.3%
CVE-2018-1318 HIGH This Week

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
7.7%
CVE-2015-3249 CRITICAL Act Now

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Apache Traffic Server
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2014-3624 CRITICAL PATCH Act Now

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Traffic Server
NVD
CVSS 3.0
9.8
EPSS
0.4%
CVE-2015-5206 CRITICAL Act Now

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2015-5168 CRITICAL Act Now

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2017-5659 HIGH PATCH This Week

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2016-5396 HIGH PATCH This Week

Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2014-10022 MEDIUM This Month

Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Apache Traffic Server
NVD
CVSS 2.0
5.0
EPSS
2.7%
CVE-2014-3525 CRITICAL Act Now

Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Traffic Server
NVD
CVSS 2.0
10.0
EPSS
1.3%
CVE-2012-0256 MEDIUM PATCH This Month

Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Apache Traffic Server
NVD
CVSS 2.0
5.0
EPSS
1.9%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The ESI (Edge Side Includes) plugin in Apache Traffic Server lacks enforcement of maximum inclusion depth limits, allowing attackers to craft malicious ESI instructions that trigger excessive recursive inclusions and cause denial-of-service through memory exhaustion. This vulnerability affects Apache Traffic Server versions 9.0.0-9.2.10 and 10.0.0-10.0.5, with a CVSS score of 7.5 indicating high availability impact. The vulnerability is remotely exploitable without authentication and can be mitigated by upgrading to patched versions (9.2.11 or 10.0.6) or configuring the new --max-inclusion-depth setting.

Apache Denial Of Service Traffic Server +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2025-31698 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Apache Authentication Bypass Traffic Server +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Apache Traffic Server allows request smuggling if chunked messages are malformed.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Request Smuggling +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Improper Access Control vulnerability in Apache Traffic Server.0.0 through 10.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Traffic Server
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Improper Access Control vulnerability in Apache Traffic Server.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Traffic Server
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Improper Input Validation vulnerability in Apache Traffic Server.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Traffic Server
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Expected Behavior Violation vulnerability in Apache Traffic Server.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Traffic Server
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +1
NVD
EPSS 53% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.0.0 through 9.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.2.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.0.0 through 9.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.0.0 to 9.1.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Traffic Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server.0.0 to 9.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Traffic Server
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions.0.0 through 9.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Traffic Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.0.0 to 9.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.0.0 to 9.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling +3
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Apache Traffic Server
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.0.0 to 8.0.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Apache Authentication Bypass Traffic Server +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.0.0 to 8.1.2 and 9.0.0 to 9.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apache Stack Overflow +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Apache Information Disclosure +2
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Request Smuggling Apache Information Disclosure +2
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Traffic Server +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Traffic Server +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-Encoding and Content length headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Information Disclosure +2
NVD
EPSS 5% CVSS 7.5
HIGH This Week

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Traffic Server
NVD
EPSS 25% CVSS 7.5
HIGH This Week

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +16
NVD GitHub
EPSS 27% CVSS 7.5
HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Http Server +21
NVD GitHub
EPSS 56% CVSS 6.5
MEDIUM This Month

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +17
NVD GitHub
EPSS 88% CVSS 7.5
HIGH This Week

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +20
NVD GitHub
EPSS 83% CVSS 7.5
HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +26
NVD GitHub
EPSS 82% CVSS 7.5
HIGH This Week

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +18
NVD GitHub
EPSS 83% CVSS 7.5
HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Swiftnio Traffic Server +2
NVD GitHub
EPSS 58% CVSS 7.5
HIGH PATCH This Week

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Swiftnio Traffic Server +18
NVD GitHub
EPSS 9% CVSS 5.3
MEDIUM PATCH This Month

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Information Disclosure Traffic Server +1
NVD GitHub
EPSS 7% CVSS 7.5
HIGH PATCH This Week

A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD GitHub
EPSS 7% CVSS 5.3
MEDIUM This Month

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Traffic Server +1
NVD GitHub
EPSS 6% CVSS 6.5
MEDIUM PATCH This Month

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Apache Information Disclosure +2
NVD GitHub
EPSS 8% CVSS 7.5
HIGH This Week

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL Act Now

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Apache Traffic Server
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Traffic Server
NVD
EPSS 3% CVSS 5.0
MEDIUM This Month

Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Apache +1
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apache Traffic Server
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Apache +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy