The HTTP/2 protocol allows a denial of service (server resource consumption) because request ca…

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the…

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial…

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of s…

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of…

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.T…

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a…

Pages that are rendered using the ESI plugin can have access to the cookie header when the plug…

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted…

A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. Th…

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the en…

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requ…

Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via uns…

The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attac…

Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache…

Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5…

Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to cert…

Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plu…

Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions …

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to…

Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly all…

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to …

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to …

Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between conten…

Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.

Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This iss…

There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to …

Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose D…

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker t…

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an at…

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an at…

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker t…

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an at…

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.…

Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x bef…

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Serve…

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to a HTTP/2 slow re…

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the sta…

There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2.0 to 5.3.2, 6.0.0 to 6.2…

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to…