Apache Traffic Server — Vulnerabilities & Security Advisories 63

All 63 CVE vulnerabilities found in Apache Traffic Server, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2025-65114 | Apache Traffic Server: Malformed chunked message body allows request smuggling | CWE-444 | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2025-58136 | Apache Traffic Server: A simple legitimate POST request causes a crash | CWE-670 | 7.5 (AI) | High (AI) | 2026-04-02 |
| CVE-2025-31698 | Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL | CWE-284 | - | - (AI) | 2025-06-19 |
| CVE-2025-49763 | Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin | CWE-400 | 7.5 (AI) | High (AI) | 2025-06-19 |
| CVE-2024-53868 | Apache Traffic Server: Malformed chunked message body allows request smuggling | CWE-444 | 7.5 (AI) | High (AI) | 2025-04-03 |
| CVE-2024-38311 | Apache Traffic Server: Request smuggling via pipelining after a chunked message body | CWE-20 | 7.5 | - | 2025-03-06 |
| CVE-2024-56195 | Apache Traffic Server: Intercept plugins are not access controlled | CWE-284 | - | - | 2025-03-06 |
| CVE-2024-56196 | Apache Traffic Server: ACL is not fully compatible with older versions | CWE-284 | - | - | 2025-03-06 |
| CVE-2024-56202 | Apache Traffic Server: Expect header field can unreasonably retain resource | CWE-440 | 9.1 | - | 2025-03-06 |
| CVE-2024-50306 | Apache Traffic Server: Server process can fail to drop privilege | CWE-252 | 9.8 | - | 2024-11-14 |
| CVE-2024-50305 | Apache Traffic Server: Valid Host field value can cause crashes | CWE-20 | 6.5 | - | 2024-11-14 |
| CVE-2024-38479 | Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack | CWE-20 | 9.1 | - | 2024-11-14 |
| CVE-2023-38522 | Apache Traffic Server: Incomplete field name check allows request smuggling | CWE-444 | 5.3 | - | 2024-07-26 |
| CVE-2024-35296 | Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests | CWE-20 | 5.3 | - | 2024-07-26 |
| CVE-2024-35161 | Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling | CWE-444 | 5.3 | - | 2024-07-26 |
| CVE-2024-31309 | Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack | CWE-20 | 7.5 | - | 2024-04-10 |
| CVE-2023-39456 | Apache Traffic Server: Malformed http/2 frames can cause an abort | CWE-20 | 7.5 | - | 2023-10-17 |
| CVE-2023-41752 | Apache Traffic Server: s3_auth plugin problem with hash calculation | CWE-200 | 7.5 | - | 2023-10-17 |
| CVE-2023-33934 | Apache Traffic Server: Differential fuzzing for HTTP request parsing discrepancies | CWE-444 | 8.2 | - | 2023-08-09 |
| CVE-2022-47185 | Apache Traffic Server: Invalid Range header causes a crash | CWE-20 | 8.2 | - | 2023-08-09 |
| CVE-2023-30631 | Apache Traffic Server: Configuration option to block the PUSH method in ATS didn't work | CWE-20 | 7.5 | - | 2023-06-14 |
| CVE-2023-33933 | Apache Traffic Server: s3_auth plugin problem with hash calculation | CWE-200 | 7.5 | - | 2023-06-14 |
| CVE-2022-47184 | Apache Traffic Server: The TRACE method can be use to disclose network information | CWE-200 | 7.5 | - | 2023-06-14 |
| CVE-2022-40743 | Apache Traffic Server: Security issues with the xdebug plugin | CWE-79 | 6.1 | - | 2022-12-19 |
| CVE-2022-37392 | Apache Traffic Server: Improperly reading the client requests | CWE-754 | 8.2 | - | 2022-12-19 |
| CVE-2022-32749 | Apache Traffic Server: Improperly handled requests can cause crashes in specific plugins | CWE-754 | 7.5 | - | 2022-12-19 |
| CVE-2022-31779 | Improper HTTP/2 scheme and method validation | CWE-20 | 7.5 | - | 2022-08-10 |
| CVE-2022-25763 | Improper input validation on HTTP/2 headers | CWE-444 | 7.5 | - | 2022-08-10 |
| CVE-2021-37150 | Protocol vs scheme mismatch | CWE-20 | 7.5 | - | 2022-08-10 |
| CVE-2022-28129 | Insufficient Validation of HTTP/1.x Headers | CWE-20 | 7.5 | - | 2022-08-10 |

All 63 known CVE vulnerabilities affecting Apache Traffic Server with full Chinese analysis, references, and POCs where available.