Known Vulnerabilities for Traffic Server by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Traffic Server" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-28367 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminat... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2026-26055 | Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the A... | Not Provided | 2026-02-12 | 2026-02-12 |
| CVE-2025-53521 | When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Executi... | Not Provided | 2025-10-15 | 2026-03-31 |
| CVE-2025-9293 | A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server... | Not Provided | 2026-02-13 | 2026-02-13 |
| CVE-2021-37150 | Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resou... | 7.5 - HIGH | 2022-08-10 | 2023-11-07 |
| CVE-2021-37149 | Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. Th... | 7.5 - HIGH | 2021-11-03 | 2022-10-14 |
| CVE-2021-37148 | Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. Th... | 7.5 - HIGH | 2021-11-03 | 2022-10-14 |
| CVE-2021-37147 | Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. Th... | 7.5 - HIGH | 2021-11-03 | 2022-10-14 |
| CVE-2021-35474 | Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache Traffic Server. This issue affects Apache Traffic Serv... | 9.8 - CRITICAL | 2021-06-30 | 2021-09-20 |
| CVE-2021-32567 | Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue a... | 7.5 - HIGH | 2021-06-30 | 2021-09-20 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Traffic Server | 9.0.0 | - | All | All |
| Application | Apache | Traffic Server | 9.0.0 | rc0 | All | All |
| Application | Apache | Traffic Server | 9.0.0 | rc1 | All | All |
| Application | Apache | Traffic Server | 8.1.1 | - | All | All |
| Application | Apache | Traffic Server | 8.1.1 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.1.0 | - | All | All |
| Application | Apache | Traffic Server | 8.1.0 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.0.8 | - | All | All |
| Application | Apache | Traffic Server | 8.0.8 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.0.7 | All | All | All |
| Application | Apache | Traffic Server | 8.0.7 | - | All | All |
| Application | Apache | Traffic Server | 8.0.7 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.0.6 | All | All | All |
| Application | Apache | Traffic Server | 8.0.6 | - | All | All |
| Application | Apache | Traffic Server | 8.0.6 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.0.6 | rc1 | All | All |
| Application | Apache | Traffic Server | 8.0.5 | All | All | All |
| Application | Apache | Traffic Server | 8.0.4 | All | All | All |
| Application | Apache | Traffic Server | 8.0.4 | - | All | All |
| Application | Apache | Traffic Server | 8.0.4 | rc0 | All | All |