Apache Software Foundation Traffic Server 7.1.11 Release Candidate 0

CPE Details

Apache Software Foundation Traffic Server 7.1.11 Release Candidate 0
apache
traffic_server
7.1.11
2021-01-12
16h32 +00:00
2021-01-12
16h32 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:traffic_server:7.1.11:rc0:*:*:*:*:*:*

Informations

Vendor

apache

Product

traffic_server

Version

7.1.11

Update

rc0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-35474 2021-06-30 05h15 +00:00 Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
9.8
Critical
CVE-2021-32567 2021-06-30 05h15 +00:00 Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
7.5
High
CVE-2021-32566 2021-06-30 05h15 +00:00 Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
7.5
High
CVE-2021-32565 2021-06-29 09h45 +00:00 Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
7.5
High
CVE-2021-27577 2021-06-29 09h45 +00:00 Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
7.5
High
CVE-2020-17508 2021-01-11 08h40 +00:00 The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.
7.5
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.