CPE Details
Apache Traffic Server 10.0.4
10.0.4
2025-05-13
16h31 +00:00
16h31 +00:00
2025-05-13
16h31 +00:00
16h31 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:apache:traffic_server:10.0.4:*:*:*:*:*:*:*
Informations
Vendor
apacheProduct
traffic_serverVersion
10.0.4Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue. | 7.5 |
Haute |
||
| ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue. | 7.5 |
Haute |
||
| Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue. | 7.5 |
Haute |
