FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
acab2f88-7490-11e1-865f-00e0814cab4eApache Traffic Server -- heap overflow vulnerability

CERT-FI reports:

A heap overflow vulnerability has been found in the HTTP (Hypertext Transfer Protocol) protocol handling of Apache Traffic Server. The vulnerability allows an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified HTTP message to an affected server.


Discovery 2012-03-22
Entry 2012-03-24
trafficserver
< 3.0.4

CVE-2012-0256
6fd773d3-bc5a-11ea-b38d-f0def1d0c3eatrafficserver -- resource consumption

Bryan Call reports:

ATS is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread.


Discovery 2020-06-24
Entry 2020-07-02
trafficserver
< 8.0.8

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9494
CVE-2020-9494
6318b303-3507-11e4-b76c-0011d823eebdtrafficserver -- unspecified vulnerability

Bryan Call reports:

Below is our announcement for the security issue reported to us from Yahoo! Japan. All versions of Apache Traffic Server are vulnerable. We urge users to upgrade to either 4.2.1.1 or 5.0.1 immediately.

This fixes CVE-2014-3525 and limits access to how the health checks are performed.


Discovery 2014-07-23
Entry 2014-09-05
trafficserver
< 5.0.1

CVE-2014-3525
http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07@yahoo-inc.com%3E