pkg:Debian/trafficserver
97 total CVEsCRITICAL12HIGH72MEDIUM10
✅ Check your installed version
All known vulnerabilities
- from 0, < 8.1.9+ds-1~deb11u1
- CRITICAL9.8CVE-2021-43082Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server…from 0, < 9.1.1+ds-1
- CRITICAL9.8CVE-2021-35474Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server.from 0, < 8.1.1+ds-1.1
- CRITICAL9.8CVE-2020-1944There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and Transfer-E…from 0, < 8.0.6+ds-1
- CRITICAL9.8CVE-2019-17565There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked en…from 0, < 8.0.6+ds-1
- from 0, < 8.0.2+ds-1+deb10u2
- from 0, < 8.0.6+ds-1
- CRITICAL9.8CVE-2015-3249The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bo…from 0, < 5.3.1-1
- CRITICAL9.8CVE-2014-3624Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel rem…from 0, < 5.0.0-1
- CRITICAL9.8CVE-2015-5206Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and atta…from 0, < 6.0.0-1
- CRITICAL9.8CVE-2015-5168Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vect…from 0, < 6.0.0-1
- CRITICAL9.1CVE-2024-50306Unchecked return value can allow Apache Traffic Server to retain privileges on startup.from 0, < 8.1.11+ds-0+deb11u2
- CRITICAL9.1CVE-2023-33934Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: throu…from 0, < 8.1.9+ds-1~deb11u1
- from 0, < 7.0.0-6+deb9u1
- from 0, < 7.1.2+ds-1
- HIGH8.2CVE-2024-35296Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.from 0, < 8.1.11+ds-0+deb11u1
- HIGH8.1CVE-2021-44759Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle at…from 0, < 8.1.1+ds-1.1+deb11u1
- HIGH8.1CVE-2021-38161Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.from 0, < 8.1.1+ds-1.1+deb11u1
- HIGH7.5CVE-2025-65114Apache Traffic Server allows request smuggling if chunked messages are malformed.from 0
- from 0
- HIGH7.5CVE-2025-49763ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are…from 0
- HIGH7.5CVE-2025-31698ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.from 0
- from 0
- from 0, < 9.2.5+ds-0+deb12u3
- HIGH7.5CVE-2024-50305Valid Host header field can cause Apache Traffic Server to crash on some platforms.from 0
- from 0, < 8.1.11+ds-0+deb11u2
- from 0, < 8.1.11+ds-0+deb11u2
- HIGH7.5CVE-2024-35161Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers.from 0, < 8.1.11+ds-0+deb11u1
- from 0, < 8.1.11+ds-0+deb11u1
- from 0, < 9.2.5+ds-0+deb12u1
- from 0, < 8.1.11+ds-0+deb11u1
- from 0, < 8.1.10+ds-1~deb11u1
- from 0, < 8.1.10+ds-1~deb11u1
- from 0, < 8.1.7-0+deb10u4
- from 0, < 8.0.5+ds-1
- from 0, < 8.1.9+ds-1~deb11u1
- from 0, < 8.1.7-0+deb10u3
- HIGH7.5CVE-2023-39456Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: fro…from 0, < 9.2.3+ds-1+deb12u1
- from 0, < 8.1.9+ds-1~deb11u1
- from 0, < 8.1.7-0+deb10u2
- from 0, < 8.1.9+ds-1~deb11u1
- HIGH7.5CVE-2023-33933Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue aff…from 0, < 8.1.7+ds-1~deb11u1
- HIGH7.5CVE-2023-30631Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.from 0, < 8.1.7+ds-1~deb11u1
- from 0, < 8.1.7+ds-1~deb11u1
- from 0, < 8.1.7-0+deb10u1
- from 0, < 8.1.7+ds-1~deb11u1
- from 0, < 8.1.6+ds-1~deb11u1
- from 0, < 8.1.6+ds-1~deb11u1
- HIGH7.5CVE-2022-31780Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.from 0, < 8.1.5+ds-1~deb11u1
- HIGH7.5CVE-2022-31779Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.from 0, < 8.1.5+ds-1~deb11u1
- from 0, < 8.1.6+ds-1~deb10u1
- from 0, < 8.1.5+ds-1~deb11u1
- HIGH7.5CVE-2022-28129Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.from 0, < 8.1.5+ds-1~deb11u1
- HIGH7.5CVE-2022-25763Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache…from 0, < 8.1.5+ds-1~deb11u1
- from 0, < 8.0.2+ds-1+deb10u7
- from 0, < 8.1.5+ds-1~deb11u1
- from 0, < 8.1.5+ds-1~deb11u1
- from 0, < 8.0.5+ds-1
- HIGH7.5CVE-2021-44040Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests.from 0, < 8.1.1+ds-1.1+deb11u1
- HIGH7.5CVE-2021-37149Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.from 0, < 8.1.1+ds-1.1+deb11u1
- HIGH7.5CVE-2021-37148Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests.from 0, < 8.1.1+ds-1.1+deb11u1
- from 0, < 8.1.1+ds-1.1+deb11u1
- from 0, < 8.0.2+ds-1+deb10u6
- HIGH7.5CVE-2021-32567Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.from 0, < 8.1.1+ds-1.1
- HIGH7.5CVE-2021-32566Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.from 0, < 8.1.1+ds-1.1
- HIGH7.5CVE-2021-32565Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests.from 0, < 8.1.1+ds-1.1
- from 0, < 8.1.1+ds-1.1
- from 0, < 8.0.2+ds-1+deb10u5
- from 0, < 8.1.1+ds-1
- from 0, < 8.0.2+ds-1+deb10u4
- from 0, < 8.1.1+ds-1
- from 0, < 8.0.2+ds-1+deb10u3
- from 0, < 8.0.8+ds-1
- HIGH7.5CVE-2020-9481Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow read attack.from 0, < 8.0.7+ds-1
- from 0, < 8.0.5+ds-1
- from 0, < 8.0.2+ds-1+deb10u1
- HIGH7.5CVE-2019-9518Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service.from 0, < 8.0.5+ds-1
- HIGH7.5CVE-2019-9515Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service.from 0, < 8.0.5+ds-1
- HIGH7.5CVE-2018-11783sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin.from 0, < 8.0.2+ds-1
- HIGH7.5CVE-2018-8022A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault.from 0, < 7.0.0-1
- from 0, < 7.1.4+ds-1
- from 0, < 7.0.0-6+deb9u2
- HIGH7.5CVE-2017-7671There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake.from 0, < 7.1.2+ds-1
- HIGH7.5CVE-2017-5659Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.from 0, < 7.0.0-1
- from 0, < 7.0.0-1
- MEDIUM6.5CVE-2018-8004There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (AT…from 0, < 7.1.4+ds-1
- from 0
- from 0
- from 0, < 9.2.5+ds-0+deb12u2
- MEDIUM6.1CVE-2022-40743Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site sc…from 0, < 9.1.4+ds-1
- MEDIUM5.3CVE-2022-37392Improper Check for Unusual or Exceptional Conditions vulnerability in handling the requests to Apache Traffic Server.from 0, < 8.1.6+ds-1~deb11u1
- MEDIUM5.3CVE-2018-8040Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access.from 0, < 7.1.4+ds-1
- MEDIUM5.3CVE-2018-8005When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache.from 0, < 7.1.4+ds-1
- from 0
- —CVE-2014-10022Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer…from 0, < 5.2.0-1
- —CVE-2014-3525Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attac…from 0, < 5.0.1-1
- —CVE-2012-0256Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attac…from 0, < 3.0.4-1