Information on source package trafficserver

Available versions

ReleaseVersion
bullseye8.1.10+ds-1~deb11u1
bullseye (security)8.1.11+ds-0+deb11u2
bookworm9.2.5+ds-0+deb12u2
bookworm (security)9.2.5+ds-0+deb12u3
sid9.2.5+ds-1

Open issues

BugbullseyebookwormsidDescription
CVE-2025-49763vulnerablefixedvulnerableESI plugin does not have the limit for maximum inclusion depth, and th ...
CVE-2025-31698vulnerablefixedvulnerableACL configured in ip_allow.config or remap.config does not use IP addr ...
CVE-2024-56202vulnerablefixedvulnerableExpected Behavior Violation vulnerability in Apache Traffic Server. T ...
CVE-2024-56195vulnerablefixedvulnerableImproper Access Control vulnerability in Apache Traffic Server. This ...
CVE-2024-53868vulnerablefixedvulnerableApache Traffic Server allows request smuggling if chunked messages are ...
CVE-2024-50306fixedfixedvulnerableUnchecked return value can allow Apache Traffic Server to retain privi ...
CVE-2024-50305vulnerablefixedvulnerableValid Host header field can cause Apache Traffic Server to crash on so ...
CVE-2024-38479fixedfixedvulnerableImproper Input Validation vulnerability in Apache Traffic Server. Thi ...
CVE-2024-38311vulnerablefixedvulnerableImproper Input Validation vulnerability in Apache Traffic Server. Thi ...

Resolved issues

BugDescription
CVE-2024-56196Improper Access Control vulnerability in Apache Traffic Server. This ...
CVE-2024-35296Invalid Accept-Encoding header can cause Apache Traffic Server to fail ...
CVE-2024-35161Apache Traffic Server forwards malformed HTTP chunked trailer section ...
CVE-2024-31309HTTP/2 CONTINUATIONDoS attack can cause Apache Traffic Server to consu ...
CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2023-41752Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...
CVE-2023-39456Improper Input Validation vulnerability in Apache Traffic Server with ...
CVE-2023-38522Apache Traffic Server accepts characters that are not allowed for HTTP ...
CVE-2023-33934Improper Input Validation vulnerability in Apache Software Foundation ...
CVE-2023-33933Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...
CVE-2023-30631Improper Input Validation vulnerability in Apache Software Foundation ...
CVE-2022-47185Improper input validation vulnerability on the range header in Apache ...
CVE-2022-47184Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...
CVE-2022-40743Improper Input Validation vulnerability for the xdebug plugin in Apach ...
CVE-2022-37392Improper Check for Unusual or Exceptional Conditions vulnerability in ...
CVE-2022-32749Improper Check for Unusual or Exceptional Conditions vulnerability han ...
CVE-2022-31780Improper Input Validation vulnerability in HTTP/2 frame handling of Ap ...
CVE-2022-31779Improper Input Validation vulnerability in HTTP/2 header parsing of Ap ...
CVE-2022-31778Improper Input Validation vulnerability in handling the Transfer-Encod ...
CVE-2022-28129Improper Input Validation vulnerability in HTTP/1.1 header parsing of ...
CVE-2022-25763Improper Input Validation vulnerability in HTTP/2 request validation o ...
CVE-2021-44759Improper Authentication vulnerability in TLS origin validation of Apac ...
CVE-2021-44040Improper Input Validation vulnerability in request line parsing of Apa ...
CVE-2021-43082Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...
CVE-2021-41585Improper Input Validation vulnerability in accepting socket connection ...
CVE-2021-38161Improper Authentication vulnerability in TLS origin verification of Ap ...
CVE-2021-37150Improper Input Validation vulnerability in header parsing of Apache Tr ...
CVE-2021-37149Improper Input Validation vulnerability in header parsing of Apache Tr ...
CVE-2021-37148Improper input validation vulnerability in header parsing of Apache Tr ...
CVE-2021-37147Improper input validation vulnerability in header parsing of Apache Tr ...
CVE-2021-35474Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...
CVE-2021-32567Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...
CVE-2021-32566Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...
CVE-2021-32565Invalid values in the Content-Length header sent to Apache Traffic Ser ...
CVE-2021-27737Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on th ...
CVE-2021-27577Incorrect handling of url fragment vulnerability of Apache Traffic Ser ...
CVE-2020-17509ATS negative cache option is vulnerable to a cache poisoning attack. I ...
CVE-2020-17508The ATS ESI plugin has a memory disclosure vulnerability. If you are r ...
CVE-2020-9494Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8. ...
CVE-2020-9481Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...
CVE-2020-1944There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...
CVE-2019-17565There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...
CVE-2019-17559There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...
CVE-2019-10079Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. E ...
CVE-2019-9518Some HTTP/2 implementations are vulnerable to a flood of empty frames, ...
CVE-2019-9515Some HTTP/2 implementations are vulnerable to a settings flood, potent ...
CVE-2019-9514Some HTTP/2 implementations are vulnerable to a reset flood, potential ...
CVE-2019-9512Some HTTP/2 implementations are vulnerable to ping floods, potentially ...
CVE-2018-11783sslheaders plugin extracts information from the client certificate and ...
CVE-2018-8040Pages that are rendered using the ESI plugin can have access to the co ...
CVE-2018-8022A carefully crafted invalid TLS handshake can cause Apache Traffic Ser ...
CVE-2018-8005When there are multiple ranges in a range request, Apache Traffic Serv ...
CVE-2018-8004There are multiple HTTP smuggling and cache poisoning issues when clie ...
CVE-2018-1318Adding method ACLs in remap.config can cause a segfault when the user ...
CVE-2017-7671There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2 ...
CVE-2017-5660There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prio ...
CVE-2017-5659Apache Traffic Server before 6.2.1 generates a coredump when there is ...
CVE-2016-5396Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Att ...
CVE-2015-5206Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...
CVE-2015-5168Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...
CVE-2015-3249The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before ...
CVE-2014-10022Apache Traffic Server before 5.1.2 allows remote attackers to cause a ...
CVE-2014-3624Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to by ...
CVE-2014-3525Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, ...
CVE-2012-0256Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3. ...
CVE-2010-2952Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, d ...

Security announcements

DSA / DLADescription
DSA-5948-1trafficserver - security update
DSA-5896-1trafficserver - security update
DLA-4055-1trafficserver - security update
DLA-3897-1trafficserver - security update
DSA-5758-1trafficserver - security update
DLA-3799-1trafficserver - security update
DSA-5659-1trafficserver - security update
DSA-5549-1trafficserver - security update
DLA-3645-1trafficserver - security update
DLA-3595-1trafficserver - security update
DLA-3475-1trafficserver - security update
DSA-5435-1trafficserver - security update
DLA-3385-1trafficserver - security update
DLA-3279-1trafficserver - security update
DSA-5311-1trafficserver - security update
DSA-5206-1trafficserver - security update
DSA-5153-1trafficserver - security update
DSA-4957-1trafficserver - security update
DSA-4805-1trafficserver - security update
DSA-4710-1trafficserver - security update
DSA-4672-1trafficserver - security update
DSA-4520-1trafficserver - security update
DSA-4282-1trafficserver - security update
DSA-4128-1trafficserver - security update
Search for package or bug name: Reporting problems