Medium
Apache Traffic Server is vulnerable to a buffer overflow, caused by improper bounds checking by the stats-over-http plugin. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Apache Traffic Server is vulnerable to a denial of service, caused by an improper input validation flaw when accepting socket connections. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to make the server stop accepting new connections, resulting in a denial of service condition.
Apache Traffic Server is vulnerable to a man-in-the-middle attack, caused by an improper authentication flaw in the TLS origin verification. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
Apache Traffic Server is vulnerable to HTTP request smuggling, caused by improper input validation in header parsing. By sending a specially-crafted HTTP(S) transfer-encoding request header, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
Apache
Upgrade to the latest version of Apache Traffic Server, available from the Apache Web site.