Filtered by vendor Apache Subscriptions
Filtered by product Traffic Server Subscriptions
Total 70 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-5659 1 Apache 1 Traffic Server 2024-11-21 N/A
Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.
CVE-2016-5396 1 Apache 1 Traffic Server 2024-11-21 N/A
Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.
CVE-2015-5206 1 Apache 1 Traffic Server 2024-11-21 N/A
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.
CVE-2015-5168 1 Apache 1 Traffic Server 2024-11-21 N/A
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.
CVE-2015-3249 1 Apache 1 Traffic Server 2024-11-21 N/A
The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.
CVE-2014-3624 1 Apache 1 Traffic Server 2024-11-21 N/A
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
CVE-2014-3525 1 Apache 1 Traffic Server 2024-11-21 N/A
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.
CVE-2014-10022 1 Apache 1 Traffic Server 2024-11-21 N/A
Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing.
CVE-2012-0256 1 Apache 1 Traffic Server 2024-11-21 N/A
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
CVE-2010-2952 1 Apache 1 Traffic Server 2024-11-21 N/A
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.