Vulnerabilities for 'Traffic server'

2017-10-30
 
CVE-2015-3249

CWE-119
 

 
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.

 
 
CVE-2014-3624

CWE-284
 

 
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.

 
2017-09-13
 
CVE-2015-5206

 

 
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.

 
 
CVE-2015-5168

 

 
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.

 
2017-04-17
 
CVE-2017-5659

 

 
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.

 
 
CVE-2016-5396

 

 
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.

 
2015-01-13
 
CVE-2014-10022

CWE-119
 

 
Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing.

 
2014-08-22
 
CVE-2014-3525

CWE-noinfo
 

 
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

 
2012-03-26
 
CVE-2012-0256

CWE-119
 

 
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.

 
2010-09-13
 
CVE-2010-2952

CWE-20
 

 
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.

 


Copyright 2017, cxsecurity.com
