Masakazu Kitajo

#8846of 53,633
30.9Total CVSS
Vulnerabilities · 4
High
4
PT-2025-25771
7.8
2025-01-01
Apache · Apache Traffic Server · CVE-2025-31698
**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions 9.0.0 through 9.2.10 Apache Traffic Server versions 10.0.0 through 10.0.6 **Description** The issue arises when the ACL configured in ip allow.config or remap.config does not utilize IP addresses provided by the PROXY protocol. A new setting, `proxy.config.acl.subjects`, can be used to select which IP addresses to use for the ACL when Apache Traffic Server is set up to accept the PROXY protocol. **Recommendations** For versions 9.0.0 through 9.2.10, upgrade to version 9.2.11. For versions 10.0.0 through 10.0.6, upgrade to version 10.0.6.
PT-2024-9208
7.8
2024-11-12
Apache · Apache Traffic Server · CVE-2024-50305
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 9.2.0 through 9.2.5 Description: The issue is related to insufficient input validation when handling the Host header field, which can cause Apache Traffic Server to crash on some platforms. This can be exploited by a remote attacker to cause a denial of service. Recommendations: For versions 9.2.0 through 9.2.5, upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. As a temporary workaround, consider restricting access to the `Host` header field to minimize the risk of exploitation.
PT-2023-28084
7.5
2023-10-17
Apache · Apache Traffic Server · CVE-2023-41752
**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions 8.0.0 through 8.1.8 Apache Traffic Server versions 9.0.0 through 9.2.2 **Description** The issue is related to the exposure of sensitive information to an unauthorized actor. It affects Apache Traffic Server, allowing unauthorized access to sensitive data. **Recommendations** Apache Traffic Server versions 8.0.0 through 8.1.8 should be upgraded to version 8.1.9. Apache Traffic Server versions 9.0.0 through 9.2.2 should be upgraded to version 9.2.3.
PT-2023-3360
7.8
2023-06-13
Apache · Apache Traffic Server · CVE-2023-33933
**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions 8.0.0 through 9.2.0 **Description** The issue is related to insufficient protection of service data, which may allow a remote attacker to gain unauthorized access to confidential information. **Recommendations** 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions