Debian Trafficserver vulnerabilities

77 known vulnerabilities affecting debian/trafficserver.

Total CVEs: 77
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 11, HIGH 51, MEDIUM 10, LOW 5

Vulnerabilities

Page 2 of 4
CVE-2023-44487 | HIGH | CVSS 7.5 | KEV | PoC | fixed in dnsdist 1.8.2-2 (forky) | 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 1.8.2-2); sid: resolved (fixed in 1.8.2-2); trixie: resolved (fixed in 1.8.2-2)
debian
CVE-2023-41752 | HIGH | CVSS 7.5 | fixed in trafficserver 9.2.3+ds-1+deb12u1 (bookworm) | 2023
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.
Scope: local. bookworm: resolved (fixed in 9.2.3+ds-1+deb12u1); bullseye: resolved (fixed
debian
CVE-2022-32749 | HIGH | CVSS 7.5 | fixed in trafficserver 9.1.4+ds-1 (bookworm) | 2022
Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain conditions. This issue affects Apache Traffic Server: from 8.0.0 through 9.1.3.
Scope: local. bookworm: resolved (fixed in 9.1.4+ds-1); bullseye: resolved (fixed in 8.1.6+ds-1~deb11u1); sid: resolved (f
debian
CVE-2022-31780 | HIGH | CVSS 7.5 | fixed in trafficserver 9.1.3+ds-1 (bookworm) | 2022
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Scope: local. bookworm: resolved (fixed in 9.1.3+ds-1); bullseye: resolved (fixed in 8.1.5+ds-1~deb11u1); sid: resolved (fixed in 9.1.3+ds-1)
debian
CVE-2022-28129 | HIGH | CVSS 7.5 | fixed in trafficserver 9.1.3+ds-1 (bookworm) | 2022
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Scope: local. bookworm: resolved (fixed in 9.1.3+ds-1); bullseye: resolved (fixed in 8.1.5+ds-1~deb11u1); sid: resolved (fixed in 9.1.3+ds-1)
debian
CVE-2022-31779 | HIGH | CVSS 7.5 | fixed in trafficserver 9.1.3+ds-1 (bookworm) | 2022
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Scope: local. bookworm: resolved (fixed in 9.1.3+ds-1); bullseye: resolved (fixed in 8.1.5+ds-1~deb11u1); sid: resolved (fixed in 9.1.3+ds-1)
debian
CVE-2022-31778 | HIGH | CVSS 7.5 | fixed in trafficserver 9.1.3+ds-1 (bookworm) | 2022
Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.
Scope: local. bookworm: resolved (fixed in 9.1.3+ds-1); bullseye: resolved (fixed in 8.1.5+ds-1~deb11u1); sid: resolved (fixed in 9.1.3+ds-1)
debian
CVE-2022-25763 | HIGH | CVSS 7.5 | fixed in trafficserver 9.1.3+ds-1 (bookworm) | 2022
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Scope: local. bookworm: resolved (fixed in 9.1.3+ds-1); bullseye: resolved (fixed in 8.1.5+ds-1~deb11u1); sid: resolved (fixed in 9.1.3+ds-1)
debian
CVE-2022-47184 | HIGH | CVSS 7.5 | fixed in trafficserver 9.2.0+ds-2+deb12u1 (bookworm) | 2022
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.
Scope: local. bookworm: resolved (fixed in 9.2.0+ds-2+deb12u1); bullseye: resolved (fixed in 8.1.7+ds-1~deb11u1); sid: resolved (fixed in 9.2.1+ds-1)
debian
CVE-2022-47185 | HIGH | CVSS 7.5 | fixed in trafficserver 9.2.3+ds-1+deb12u1 (bookworm) | 2022
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.
Scope: local. bookworm: resolved (fixed in 9.2.3+ds-1+deb12u1); bullseye: resolved (fixed in 8.1.9+ds-1~deb11u1); sid: resolved (fixed in 9.2.2+ds-1)
debian
CVE-2022-37392 | MEDIUM | CVSS 5.3 | fixed in trafficserver 9.1.4+ds-1 (bookworm) | 2022
Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Scope: local. bookworm: resolved (fixed in 9.1.4+ds-1); bullseye: resolved (fixed in 8.1.6+ds-1~deb11u1); sid: resolved (fixed in 9.1.4+ds-1)
debian
CVE-2022-40743 | MEDIUM | CVSS 6.1 | fixed in trafficserver 9.1.4+ds-1 (bookworm) | 2022
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.
Scope: local. bookworm: resolved (fixed in 9.1.4+ds-1); bullseye: resolved; sid:
debian
CVE-2021-43082 | CRITICAL | CVSS 9.8 | fixed in trafficserver 9.1.1+ds-1 (bookworm) | 2021
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.
Scope: local. bookworm: resolved (fixed in 9.1.1+ds-1); bullseye: resolved; sid: resolved (fixed in 9.1.1+ds-1)
debian
CVE-2021-35474 | CRITICAL | CVSS 9.8 | fixed in trafficserver 8.1.1+ds-1.1 (bookworm) | 2021
Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Scope: local. bookworm: resolved (fixed in 8.1.1+ds-1.1); bullseye: resolved (fixed in 8.1.1+ds-1.1); sid: resolved (fixed in 8.1.1+ds-1.1)
debian
CVE-2021-37149 | HIGH | CVSS 7.5 | fixed in trafficserver 9.1.1+ds-1 (bookworm) | 2021
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
Scope: local. bookworm: resolved (fixed in 9.1.1+ds-1); bullseye: resolved (fixed in 8.1.1+ds-1.1+deb11u1); sid: resolved (fixed in 9.1.1+ds-1)
debian
CVE-2021-44040 | HIGH | CVSS 7.5 | fixed in trafficserver 9.1.2+ds-1 (bookworm) | 2021
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.
Scope: local. bookworm: resolved (fixed in 9.1.2+ds-1); bullseye: resolved (fixed in 8.1.1+ds-1.1+deb11u1); sid: resolved (fixed in 9.1.2+ds-1)
debian
CVE-2021-44759 | HIGH | CVSS 8.1 | fixed in trafficserver 9.1.0+ds-1 (bookworm) | 2021
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.
Scope: local. bookworm: resolved (fixed in 9.1.0+ds-1); bullseye: resolved (fixed in 8.1.1+ds-1.1+deb11u1); sid: resolved (fixed in 9.1.0+ds-1)
debian
CVE-2021-37147 | HIGH | CVSS 7.5 | fixed in trafficserver 9.1.1+ds-1 (bookworm) | 2021
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
Scope: local. bookworm: resolved (fixed in 9.1.1+ds-1); bullseye: resolved (fixed in 8.1.1+ds-1.1+deb11u1); sid: resolved (fixed in 9.1.1+ds-1)
debian
CVE-2021-32565 | HIGH | CVSS 7.5 | fixed in trafficserver 8.1.1+ds-1.1 (bookworm) | 2021
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Scope: local. bookworm: resolved (fixed in 8.1.1+ds-1.1); bullseye: resolved (fixed in 8.1.1+ds-1.1); sid: resolved (fixed in 8.1.1+ds-1.1)
debian
CVE-2021-32567 | HIGH | CVSS 7.5 | fixed in trafficserver 8.1.1+ds-1.1 (bookworm) | 2021
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Scope: local. bookworm: resolved (fixed in 8.1.1+ds-1.1); bullseye: resolved (fixed in 8.1.1+ds-1.1); sid: resolved (fixed in 8.1.1+ds-1.1)
debian