Apache Traffic_server
11 CVEs affecting Apache Traffic_server. Latest disclosed: 2023-10-10. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-3249 | Critical | 9.8 | 2017-10-30 | The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daem… |
CVE-2014-3624 | Critical | 9.8 | 2017-10-30 | Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CO… |
CVE-2015-5206 | Critical | 9.8 | 2017-09-13 | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a differ… |
CVE-2015-5168 | Critical | 9.8 | 2017-09-13 | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vul… |
CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
CVE-2017-5659 | High | 7.5 | 2017-04-17 | Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. |
CVE-2016-5396 | High | 7.5 | 2017-04-17 | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. |
CVE-2014-10022 | | 2015-01-13 | Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing. | |
CVE-2014-3525 | | 2014-08-22 | Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly… | |
CVE-2012-0256 | | 2012-03-26 | Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a deni… | |
CVE-2010-2952 | | 2010-09-13 | Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use D… |