Exposure of Apache Traffic Server
Web servers
36 exposure score
3,267 sites use
0 exploited
3 critical

CVEs
63 results

CVE | Severity | Title | EPSS
CVE-2021-32567 | — | Reading HTTP/2 frames too many times | 2.4%
CVE-2021-37147 | — | Request Smuggling - LF line ending | 2.4%
CVE-2021-41585 | — | ATS stops accepting connections on FreeBSD | 2.4%
CVE-2021-43082 | — | heap-buffer-overflow with stats-over-http plugin | 2.3%
CVE-2017-7671 | — | There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2.0, and 7.0.0 with the TLS handshake. This is | 2.3%
CVE-2021-32565 | — | HTTP Request Smuggling, content length with invalid charters | 2.1%
CVE-2020-17508 | — | The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 | 2.0%
CVE-2023-30631 | — | Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work | 2.0%
CVE-2017-5660 | — | There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prior and 7.0.0 and prior with the Host header and line folding. This can | 2.0%
CVE-2021-44040 | — | HTTP request line fuzzing attacks | 1.9%
CVE-2021-38161 | — | Not validating origin TLS certificate | 1.9%
CVE-2022-31779 | — | Improper HTTP/2 scheme and method validation | 1.9%
CVE-2022-47184 | HIGH | Apache Traffic Server: The TRACE method can be use to disclose network information | 1.9%
CVE-2018-11783 | — | sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. | 1.9%
CVE-2022-31780 | — | HTTP/2 framing vulnerabilities | 1.8%
CVE-2022-28129 | — | Insufficient Validation of HTTP/1.x Headers | 1.8%
CVE-2020-17509 | — | ATS negative cache option is vulnerable to a cache poisoning attack. If you have this option enabled, please upgrade or disable this feature | 1.8%
CVE-2021-37150 | MEDIUM | Protocol vs scheme mismatch | 1.7%
CVE-2022-31778 | — | Transfer-Encoding not treated as hop-by-hop | 1.7%
CVE-2022-25763 | MEDIUM | Improper input validation on HTTP/2 headers | 1.6%