cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-50306,https://securityvulnerability.io/vulnerability/CVE-2024-50306,Apache Traffic Server Vulnerability: Unchecked Return Value Can Retain Privileges,"Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.",Apache,Apache Traffic Server,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-14T09:55:43.037Z,0
CVE-2024-50305,https://securityvulnerability.io/vulnerability/CVE-2024-50305,Apache Traffic Server Crash: Update to 9.2.6 or 10.0.2 to Avoid Issues,"Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.",Apache,Apache Traffic Server,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-14T09:54:20.652Z,0
CVE-2024-38479,https://securityvulnerability.io/vulnerability/CVE-2024-38479,Traffic Server Improper Input Validation Vulnerability,"Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.",Apache,Apache Traffic Server,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-14T09:52:14.291Z,0
CVE-2023-38522,https://securityvulnerability.io/vulnerability/CVE-2023-38522,Apache Traffic Server: Vulnerability in Field Names Allows Request Smuggling and Cache Poisoning,"Apache Traffic Server allows the acceptance of non-standard characters in HTTP field names, which can lead to the forwarding of malformed requests to origin servers. This behavior poses serious risks, including the potential for request smuggling attacks, where adversaries can manipulate the flow of requests to deceive application logic. Additionally, if the origin servers have their own vulnerabilities, this exploitation could facilitate cache poisoning, impacting the integrity and availability of cached content. Users are advised to upgrade to the patched versions (8.1.11 or 9.2.5) to mitigate these risks.",Apache,Apache Traffic Server,7.5,HIGH,0.002570000011473894,false,,false,false,false,,,false,false,,2024-07-26T09:11:20.419Z,0
CVE-2024-35296,https://securityvulnerability.io/vulnerability/CVE-2024-35296,Apache Traffic Server Vulnerability Affects Cache Lookup and Forwarding Requests,"A vulnerability exists in Apache Traffic Server that arises from an invalid Accept-Encoding header, causing disruptions in cache lookup processes. This flaw can result in forced request forwarding, which may inadvertently expose systems to operational inefficiencies or security risks. It affects multiple versions of Apache Traffic Server, specifically from 8.0.0 through 8.1.10 and from 9.0.0 through 9.2.4. To mitigate potential impacts, users are strongly advised to update to versions 8.1.11 or 9.2.5, which contain the necessary patches to address this issue.",Apache,Apache Traffic Server,8.2,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2024-07-26T09:11:11.221Z,0
CVE-2024-35161,https://securityvulnerability.io/vulnerability/CVE-2024-35161,Apache Traffic Server Vulnerable to Request Smuggling and Cache Poisoning via Malformed HTTP Chunked Trailers,"The Apache Traffic Server has a vulnerability that allows it to forward malformed HTTP chunked trailer sections to the origin servers. This improperly handled input can be exploited for request smuggling attacks and introduces the risk of cache poisoning when the origin servers are not properly secured. The affected versions range from 8.0.0 to 8.1.10 and from 9.0.0 to 9.2.4. Users are strongly advised to implement the configuration setting 'proxy.config.http.drop_chunked_trailers' to mitigate this risk and upgrade to versions 8.1.11 or 9.2.5, which provide the necessary fixes.",Apache,Apache Traffic Server,7.5,HIGH,0.002570000011473894,false,,false,false,false,,,false,false,,2024-07-26T09:10:56.281Z,0
CVE-2024-31309,https://securityvulnerability.io/vulnerability/CVE-2024-31309,Apache Traffic Server Vulnerable to HTTP/2 CONTINUATION DoS Attack,"HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4, which fix the issue.",Apache,Apache Traffic Server,,,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-10T12:07:16.975Z,0
CVE-2023-41752,https://securityvulnerability.io/vulnerability/CVE-2023-41752,Apache Traffic Server: s3_auth plugin problem with hash calculation,A vulnerability in Apache Traffic Server allows unauthorized actors to access sensitive information. This issue is present in versions 8.0.0 through 8.1.8 and 9.0.0 through 9.2.2. Users are strongly encouraged to upgrade to versions 8.1.9 or 9.2.3 to mitigate the risk of information exposure.,Apache,Apache Traffic Server,7.5,HIGH,0.001879999996162951,false,,false,false,false,,,false,false,,2023-10-17T07:15:00.000Z,0
CVE-2023-39456,https://securityvulnerability.io/vulnerability/CVE-2023-39456,Apache Traffic Server: Malformed http/2 frames can cause an abort,"An improper input validation vulnerability exists in Apache Traffic Server, particularly affecting versions 9.0.0 through 9.2.2, when handling malformed HTTP/2 frames. This flaw can potentially lead to unexpected behavior or denial of service, impacting the stability and reliability of affected installations. It is strongly recommended that users upgrade to Apache Traffic Server version 9.2.3 to resolve this issue and enhance security.",Apache,Apache Traffic Server,7.5,HIGH,0.0026100000832229853,false,,false,false,false,,,false,false,,2023-10-17T07:15:00.000Z,0
CVE-2023-33934,https://securityvulnerability.io/vulnerability/CVE-2023-33934,Apache Traffic Server: Differential fuzzing for HTTP request parsing discrepancies,"An improper input validation vulnerability exists in Apache Traffic Server, which could allow an attacker to exploit the affected version through specially crafted input, potentially leading to security breaches. This issue impacts all versions of Apache Traffic Server up to 9.2.1, posing a risk to organizations and applications utilizing this server software.",Apache,Apache Traffic Server,9.1,CRITICAL,0.007899999618530273,false,,false,false,false,,,false,false,,2023-08-09T07:15:00.000Z,0
CVE-2022-47185,https://securityvulnerability.io/vulnerability/CVE-2022-47185,Apache Traffic Server: Invalid Range header causes a crash,"An improper input validation vulnerability exists in the range header of Apache Traffic Server, impacting versions through 9.2.1. This flaw could allow an attacker to craft malicious requests that exploit the input validation error, potentially leading to unintended behavior of the server. Organizations using Apache Traffic Server should investigate and apply appropriate mitigations to prevent exploitation.",Apache,Apache Traffic Server,7.5,HIGH,0.0030799999367445707,false,,false,false,false,,,false,false,,2023-08-09T06:57:40.407Z,0
CVE-2023-30631,https://securityvulnerability.io/vulnerability/CVE-2023-30631,Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work,"An improper input validation flaw exists in Apache Traffic Server due to the malfunction of the configuration option 'proxy.config.http.push_method_enabled'. By default, the PUSH method is restricted within the ip_allow configuration file, but the ineffective validation poses a potential risk. Users of Apache Traffic Server versions 8.0.0 through 9.2.0 are advised to upgrade: 8.x users should move to version 8.1.7 or later, while 9.x users should upgrade to version 9.2.1 or newer.",Apache,Apache Traffic Server,7.5,HIGH,0.001500000013038516,false,,false,false,false,,,false,false,,2023-06-14T08:15:00.000Z,0
CVE-2023-33933,https://securityvulnerability.io/vulnerability/CVE-2023-33933,Apache Traffic Server: s3_auth plugin problem with hash calculation,A vulnerability in Apache Traffic Server allows unauthorized actors to access sensitive information due to improper handling of certain data. This affects versions from 8.0.0 through 9.2.0. Users are advised to upgrade to version 8.1.7 or later for the 8.x branch and to version 9.2.1 or later for the 9.x branch to mitigate this issue effectively.,Apache,Apache Traffic Server,7.5,HIGH,0.0008500000112690032,false,,false,false,false,,,false,false,,2023-06-14T08:15:00.000Z,0
CVE-2022-47184,https://securityvulnerability.io/vulnerability/CVE-2022-47184,Apache Traffic Server: The TRACE method can be used to disclose network information,"A vulnerability in Apache Traffic Server allows unauthorized actors to obtain sensitive information, potentially leading to unauthorized data access. This issue affects versions 8.0.0 to 9.2.0 of the server, highlighting the need for users to upgrade to the latest version to mitigate this risk.",Apache,Apache Traffic Server,7.5,HIGH,0.0032500000670552254,false,,false,false,false,,,false,false,,2023-06-14T07:42:36.126Z,0
CVE-2022-40743,https://securityvulnerability.io/vulnerability/CVE-2022-40743,Apache Traffic Server: Security issues with the xdebug plugin,Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.,Apache,Apache Traffic Server,6.1,MEDIUM,0.0027000000700354576,false,,false,false,false,,,false,false,,2022-12-19T11:06:14.186Z,0
CVE-2022-37392,https://securityvulnerability.io/vulnerability/CVE-2022-37392,Apache Traffic Server: Improperly reading the client requests,Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.,Apache,Apache Traffic Server,5.3,MEDIUM,0.0009399999980814755,false,,false,false,false,,,false,false,,2022-12-19T10:59:05.957Z,0
CVE-2022-32749,https://securityvulnerability.io/vulnerability/CVE-2022-32749,Apache Traffic Server: Improperly handled requests can cause crashes in specific plugins,Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3.,Apache,Apache Traffic Server,7.5,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2022-12-19T10:51:57.466Z,0
CVE-2022-31779,https://securityvulnerability.io/vulnerability/CVE-2022-31779,Improper HTTP/2 scheme and method validation,Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.,Apache,Apache Traffic Server,7.5,HIGH,0.001979999942705035,false,,false,false,false,,,false,false,,2022-08-10T05:50:40.000Z,0
CVE-2022-25763,https://securityvulnerability.io/vulnerability/CVE-2022-25763,Improper input validation on HTTP/2 headers,Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.,Apache,Apache Traffic Server,7.5,HIGH,0.004360000137239695,false,,false,false,false,,,false,false,,2022-08-10T05:50:21.000Z,0
CVE-2022-28129,https://securityvulnerability.io/vulnerability/CVE-2022-28129,Insufficient Validation of HTTP/1.x Headers,Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.,Apache,Apache Traffic Server,7.5,HIGH,0.0028200000524520874,false,,false,false,false,,,false,false,,2022-08-10T00:00:00.000Z,0
CVE-2022-31778,https://securityvulnerability.io/vulnerability/CVE-2022-31778,Transfer-Encoding not treated as hop-by-hop,Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.,Apache,Apache Traffic Server,7.5,HIGH,0.0022499999031424522,false,,false,false,false,,,false,false,,2022-08-10T00:00:00.000Z,0
CVE-2021-37150,https://securityvulnerability.io/vulnerability/CVE-2021-37150,Protocol vs scheme mismatch,Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.,Apache,Apache Traffic Server,7.5,HIGH,0.003909999970346689,false,,false,false,false,,,false,false,,2022-08-10T00:00:00.000Z,0
CVE-2022-31780,https://securityvulnerability.io/vulnerability/CVE-2022-31780,HTTP/2 framing vulnerabilities,Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.,Apache,Apache Traffic Server,7.5,HIGH,0.0028200000524520874,false,,false,false,false,,,false,false,,2022-08-10T00:00:00.000Z,0
CVE-2021-44759,https://securityvulnerability.io/vulnerability/CVE-2021-44759,Improper authentication vulnerability in TLS origin verification,Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.,Apache,Apache Traffic Server,8.1,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2022-03-23T14:05:20.000Z,0
CVE-2021-44040,https://securityvulnerability.io/vulnerability/CVE-2021-44040,HTTP request line fuzzing attacks,Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.,Apache,Apache Traffic Server,7.5,HIGH,0.0018899999558925629,false,,false,false,false,,,false,false,,2022-03-23T14:05:15.000Z,0