Search CVE reports



1 – 10 of 67 results


CVE-2024-50306

Medium priority
Needs evaluation

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version...

1 affected package

trafficserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-50305

Medium priority
Needs evaluation

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or...

1 affected package

trafficserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-38479

Medium priority
Needs evaluation

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the...

1 affected package

trafficserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-35296

Medium priority
Needs evaluation

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are...

1 affected package

trafficserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-35161

Medium priority
Needs evaluation

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache...

1 affected package

trafficserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-38522

Medium priority
Needs evaluation

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin...

1 affected package

trafficserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-31309

Medium priority
Needs evaluation

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new...

1 affected package

trafficserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-41752

Medium priority
Needs evaluation

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to...

1 affected package

trafficserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-39456

Medium priority
Needs evaluation

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.

1 affected package

trafficserver

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2023-44487

High priority

Some fixes available 18 of 55

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

13 affected packages

dotnet6, dotnet7, dotnet8, h2o, haproxy...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| dotnet6 | Not in release | Fixed | Not in release | Not in release | Not in release |
| dotnet7 | Not in release | Fixed | Not in release | Not in release | Not in release |
| dotnet8 | Fixed | Not affected | Not in release | Not in release | Not in release |
| h2o | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| haproxy | Not affected | Not affected | Not affected | Fixed | Not affected |
| netty | Not affected | Fixed | Fixed | Not affected | Not affected |
| nghttp2 | Not affected | Fixed | Fixed | Fixed | Fixed |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| nodejs | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tomcat10 | Not affected | Not in release | Not in release | Ignored | Ignored |
| tomcat8 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| tomcat9 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
| trafficserver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |