📦 Traffic Server
by Apache
⚠️ Known Vulnerabilities
Apache Traffic Server fails to properly handle return values during startup, potentially allowing the service to retain elevated privileges it should drop. This affects all users running Apache Traffi...
CVE-2023-33934 is an improper input validation vulnerability in Apache Traffic Server that could allow remote attackers to execute arbitrary code or cause denial of service. This affects all Apache Tr...
This CVE describes a classic buffer overflow vulnerability in Apache Traffic Server's stats-over-http plugin that allows attackers to overwrite memory. Attackers could potentially execute arbitrary co...
A stack-based buffer overflow vulnerability in Apache Traffic Server's cachekey plugin allows remote attackers to execute arbitrary code or cause denial of service. This affects Apache Traffic Server ...
Apache Traffic Server versions 9.0.0-9.2.10 and 10.0.0-10.0.6 have an ACL bypass vulnerability when using PROXY protocol. The access control lists in ip_allow.config or remap.config fail to properly u...
Apache Traffic Server is vulnerable to HTTP request smuggling when processing malformed chunked messages. This allows attackers to bypass security controls, poison caches, or hijack user sessions. Aff...
A vulnerability in Apache Traffic Server allows a specially crafted Host header to cause a denial-of-service crash. This affects Apache Traffic Server versions 9.2.0 through 9.2.5 on some platforms, p...
Apache Traffic Server has an improper input validation vulnerability (CWE-20) that could allow attackers to cause denial of service or potentially execute arbitrary code by sending specially crafted r...
Apache Traffic Server versions 8.0.0-8.1.10 and 9.0.0-9.2.4 have a vulnerability where specially crafted Accept-Encoding headers can bypass cache lookups, forcing requests to be forwarded to origin se...
Apache Traffic Server improperly validates HTTP field names, allowing characters that violate HTTP specifications. This enables attackers to craft malformed requests that can lead to HTTP request smug...
Apache Traffic Server versions 8.0.0-8.1.8 and 9.0.0-9.2.2 expose sensitive information to unauthorized actors. This CWE-200 vulnerability allows attackers to access confidential data they shouldn't h...
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...
This vulnerability allows attackers to exploit improper input validation in Apache Traffic Server's range header handling. Attackers could cause denial of service or potentially execute arbitrary code...
Apache Traffic Server versions 8.0.0 through 9.2.0 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive information. This affects all users running vulne...
Apache Traffic Server versions 8.0.0 through 9.2.0 contain an information disclosure vulnerability that allows unauthorized actors to access sensitive information. This affects all deployments running...
CVE-2021-44040 is an improper input validation vulnerability in Apache Traffic Server's request line parsing that allows attackers to send invalid requests, potentially causing denial of service or ot...
This CVE describes an improper input validation vulnerability in Apache Traffic Server's header parsing that allows attackers to smuggle HTTP requests. Attackers can bypass security controls and poten...
An improper input validation vulnerability in Apache Traffic Server's socket connection handling allows attackers to send malicious requests that cause the server to stop accepting new connections. Th...
CVE-2021-37147 is an improper input validation vulnerability in Apache Traffic Server's header parsing that allows HTTP request smuggling. Attackers can exploit this to bypass security controls, poiso...
CVE-2021-32566 is an improper input validation vulnerability in Apache Traffic Server's HTTP/2 implementation that allows attackers to cause a denial-of-service (DoS) condition. The vulnerability affe...
Apache Traffic Server incorrectly handles URL fragments, allowing attackers to poison the cache by manipulating fragment identifiers. This affects Apache Traffic Server versions 7.0.0 to 7.1.12, 8.0.0...
Apache Traffic Server versions 10.0.0 through 10.0.3 contain an improper access control vulnerability (CWE-284) that could allow unauthorized access to restricted resources. This affects all users run...
Apache Traffic Server has an improper input validation vulnerability that could allow attackers to cause denial of service or potentially execute arbitrary code by sending specially crafted requests. ...