| Bug | stretch | buster | bullseye | sid | Description |
|---|
| CVE-2019-9518 | vulnerable | fixed | fixed | fixed | Some HTTP/2 implementations are vulnerable to a flood of empty frames, ... |
| CVE-2019-9515 | vulnerable | fixed | fixed | fixed | Some HTTP/2 implementations are vulnerable to a settings flood, potent ... |
| CVE-2019-9514 | vulnerable | fixed | fixed | fixed | Some HTTP/2 implementations are vulnerable to a reset flood, potential ... |
| CVE-2019-9512 | vulnerable | fixed | fixed | fixed | Some HTTP/2 implementations are vulnerable to ping floods, potentially ... |
| CVE-2019-10079 | vulnerable | fixed | fixed | fixed | Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. E ... |
| CVE-2018-11783 | vulnerable (no DSA, postponed) | fixed | fixed | fixed | sslheaders plugin extracts information from the client certificate and ... |
| Bug | Description |
|---|
| CVE-2018-8040 | Pages that are rendered using the ESI plugin can have access to the co ... |
| CVE-2018-8022 | A carefully crafted invalid TLS handshake can cause Apache Traffic Ser ... |
| CVE-2018-8005 | When there are multiple ranges in a range request, Apache Traffic Serv ... |
| CVE-2018-8004 | There are multiple HTTP smuggling and cache poisoning issues when clie ... |
| CVE-2018-1318 | Adding method ACLs in remap.config can cause a segfault when the user ... |
| CVE-2017-7671 | There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2 ... |
| CVE-2017-5660 | There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prio ... |
| CVE-2017-5659 | Apache Traffic Server before 6.2.1 generates a coredump when there is ... |
| CVE-2016-5396 | Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Att ... |
| CVE-2015-5206 | Unspecified vulnerability in the HTTP/2 experimental feature in Apache ... |
| CVE-2015-5168 | Unspecified vulnerability in the HTTP/2 experimental feature in Apache ... |
| CVE-2015-3249 | The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before ... |
| CVE-2014-3624 | Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to by ... |
| CVE-2014-3525 | Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, ... |
| CVE-2014-10022 | Apache Traffic Server before 5.1.2 allows remote attackers to cause a ... |
| CVE-2012-0256 | Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3. ... |
| CVE-2010-2952 | Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, d ... |