Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-9pd6-v7d1-9qem

Summary The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.

Aliases

alias	CVE-2015-3249

Fixed_packages

url	pkg:deb/debian/trafficserver@5.3.1-1?distro=sid
purl	pkg:deb/debian/trafficserver@5.3.1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@5.3.1-1%3Fdistro=sid

url pkg:deb/debian/trafficserver@6.2.0-1~bpo8%2B1

purl pkg:deb/debian/trafficserver@6.2.0-1~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41x7-hv4u-byb9

vulnerability	VCID-4men-293s-3bhn

vulnerability	VCID-4wwn-74ac-p7dp

vulnerability	VCID-568b-s8ks-vfa6

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-6bwv-cd3d-mudb

vulnerability	VCID-73aa-rk27-tye1

vulnerability	VCID-7nhc-5p2x-t3cj

vulnerability	VCID-8aev-nmwa-fkcg

vulnerability	VCID-931v-ukcc-6qaa

vulnerability	VCID-aqt5-2ffy-9bgs

vulnerability	VCID-au6q-ek7r-8bgr

vulnerability	VCID-b7zx-ywwc-57d9

vulnerability	VCID-bb5y-kjej-bbfm

vulnerability	VCID-bdgg-edbf-xfav

vulnerability	VCID-btm9-vxvc-3qhv

vulnerability	VCID-c5hc-3jtx-k3a6

vulnerability	VCID-c675-5njd-63hk

vulnerability	VCID-cbe5-hhz8-bqbn

vulnerability	VCID-cscf-sb71-jybq

vulnerability	VCID-esap-nkps-cfg9

vulnerability	VCID-fmwc-nmhh-ryaf

vulnerability	VCID-fq5y-b9yq-nbee

vulnerability	VCID-hbte-dsw2-y7ad

vulnerability	VCID-j6r7-ypa1-zybv

vulnerability	VCID-jabw-thzt-63bb

vulnerability	VCID-jb1b-9gr2-suez

vulnerability	VCID-jdjf-3w9k-xbaw

vulnerability	VCID-k2ks-3t6e-uqgu

vulnerability	VCID-m8p8-5n65-qyhy

vulnerability	VCID-msu4-5h99-2yaq

vulnerability	VCID-n66u-b73u-zucb

vulnerability	VCID-nbwy-fdv2-uydt

vulnerability	VCID-p5f7-uu6r-8bez

vulnerability	VCID-pxaf-6qxa-77h9

vulnerability	VCID-qwmj-ez4q-7qex

vulnerability	VCID-r86j-zujn-f7ez

vulnerability	VCID-rcdg-j23x-xfbn

vulnerability	VCID-rw58-bnwt-2bam

vulnerability	VCID-scpg-5hcj-5yd3

vulnerability	VCID-skrs-cynm-r7du

vulnerability	VCID-t559-a5u6-4ke1

vulnerability	VCID-u5qg-vszr-9ye2

vulnerability	VCID-ue7s-pn8b-vydz

vulnerability	VCID-uhqf-tsxe-ayc2

vulnerability	VCID-uhxq-9bzs-u3fd

vulnerability	VCID-uy1m-av2n-jybt

vulnerability	VCID-va7d-ktp2-m7et

vulnerability	VCID-w42s-4aps-y3c5

vulnerability	VCID-waer-as81-8fed

vulnerability	VCID-xh97-4sn5-vyfw

vulnerability	VCID-xwdc-hndy-yubc

vulnerability	VCID-xwru-y5m9-gucd

vulnerability	VCID-zmh1-wmct-uyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@6.2.0-1~bpo8%252B1

url pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid

purl pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4738-xk8n-hbac

vulnerability	VCID-4hs3-be7k-9qe7

vulnerability	VCID-4uhe-mtbx-nfdu

vulnerability	VCID-5e1r-3jec-tkhp

vulnerability	VCID-c62p-6ghw-j3dv

vulnerability	VCID-eay7-63um-43e9

vulnerability	VCID-kjah-am9e-xkev

vulnerability	VCID-tevw-8dcp-yfh6

vulnerability	VCID-ww3t-p3pq-gkhy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid

url	pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid
purl	pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid

url pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid

purl pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4738-xk8n-hbac

vulnerability	VCID-4hs3-be7k-9qe7

vulnerability	VCID-4uhe-mtbx-nfdu

vulnerability	VCID-5e1r-3jec-tkhp

vulnerability	VCID-c62p-6ghw-j3dv

vulnerability	VCID-eay7-63um-43e9

vulnerability	VCID-jabw-thzt-63bb

vulnerability	VCID-kjah-am9e-xkev

vulnerability	VCID-rcdg-j23x-xfbn

vulnerability	VCID-tevw-8dcp-yfh6

vulnerability	VCID-ww3t-p3pq-gkhy

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid

Affected_packages

url pkg:deb/debian/trafficserver@3.0.5-1

purl pkg:deb/debian/trafficserver@3.0.5-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-41x7-hv4u-byb9

vulnerability	VCID-4js5-31yx-gkf1

vulnerability	VCID-4men-293s-3bhn

vulnerability	VCID-4wwn-74ac-p7dp

vulnerability	VCID-568b-s8ks-vfa6

vulnerability	VCID-5781-s1ny-q7ey

vulnerability	VCID-6bwv-cd3d-mudb

vulnerability	VCID-73aa-rk27-tye1

vulnerability	VCID-7nhc-5p2x-t3cj

vulnerability	VCID-8aev-nmwa-fkcg

vulnerability	VCID-931v-ukcc-6qaa

vulnerability	VCID-9pd6-v7d1-9qem

vulnerability	VCID-9rs4-uvph-3yh7

vulnerability	VCID-aqt5-2ffy-9bgs

vulnerability	VCID-au6q-ek7r-8bgr

vulnerability	VCID-b7zx-ywwc-57d9

vulnerability	VCID-bb5y-kjej-bbfm

vulnerability	VCID-bdgg-edbf-xfav

vulnerability	VCID-btm9-vxvc-3qhv

vulnerability	VCID-c5hc-3jtx-k3a6

vulnerability	VCID-c675-5njd-63hk

vulnerability	VCID-cbe5-hhz8-bqbn

vulnerability	VCID-cscf-sb71-jybq

vulnerability	VCID-esap-nkps-cfg9

vulnerability	VCID-fmwc-nmhh-ryaf

vulnerability	VCID-fq5y-b9yq-nbee

vulnerability	VCID-hbte-dsw2-y7ad

vulnerability	VCID-j6r7-ypa1-zybv

vulnerability	VCID-jabw-thzt-63bb

vulnerability	VCID-jb1b-9gr2-suez

vulnerability	VCID-jdjf-3w9k-xbaw

vulnerability	VCID-k2ks-3t6e-uqgu

vulnerability	VCID-khz4-1uav-cqgg

vulnerability	VCID-m8p8-5n65-qyhy

vulnerability	VCID-msu4-5h99-2yaq

vulnerability	VCID-n66u-b73u-zucb

vulnerability	VCID-nbwy-fdv2-uydt

vulnerability	VCID-p5f7-uu6r-8bez

vulnerability	VCID-pxaf-6qxa-77h9

vulnerability	VCID-qwmj-ez4q-7qex

vulnerability	VCID-r86j-zujn-f7ez

vulnerability	VCID-rcdg-j23x-xfbn

vulnerability	VCID-rw58-bnwt-2bam

vulnerability	VCID-scpg-5hcj-5yd3

vulnerability	VCID-skrs-cynm-r7du

vulnerability	VCID-t559-a5u6-4ke1

vulnerability	VCID-u4tn-85je-n7gt

vulnerability	VCID-u5qg-vszr-9ye2

vulnerability	VCID-ue7s-pn8b-vydz

vulnerability	VCID-uhqf-tsxe-ayc2

vulnerability	VCID-uhxq-9bzs-u3fd

vulnerability	VCID-uvhz-uspt-7ygz

vulnerability	VCID-uy1m-av2n-jybt

vulnerability	VCID-va7d-ktp2-m7et

vulnerability	VCID-w42s-4aps-y3c5

vulnerability	VCID-waer-as81-8fed

vulnerability	VCID-xh97-4sn5-vyfw

vulnerability	VCID-xwdc-hndy-yubc

vulnerability	VCID-xwru-y5m9-gucd

vulnerability	VCID-zmh1-wmct-uyf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@3.0.5-1

References

reference_url	http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g%40mail.gmail.com%3E
reference_id
reference_type
scores
url	http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g%40mail.gmail.com%3E

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3249

reference_id

reference_type

scores

value	0.04233
scoring_system	epss
scoring_elements	0.88788
published_at	2026-04-21T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.8879
published_at	2026-04-18T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.88723
published_at	2026-04-01T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.88732
published_at	2026-04-02T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.88748
published_at	2026-04-04T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.8875
published_at	2026-04-07T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.88767
published_at	2026-04-08T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.88772
published_at	2026-04-09T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.88784
published_at	2026-04-11T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.88778
published_at	2026-04-12T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.88779
published_at	2026-04-13T12:55:00Z

value	0.04233
scoring_system	epss
scoring_elements	0.88792
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3249

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3249
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3249

reference_url	https://yahoo-security.tumblr.com/post/122883273670/apache-traffic-server-http2-fuzzing
reference_id
reference_type
scores
url	https://yahoo-security.tumblr.com/post/122883273670/apache-traffic-server-http2-fuzzing

reference_url	http://www.securityfocus.com/bid/101631
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101631

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:5.3.0:::::::*
reference_id	cpe:2.3:a:apache:traffic_server:5.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:5.3.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3249

reference_id

CVE-2015-3249

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3249

Weaknesses

cwe_id	119
name	Improper Restriction of Operations within the Bounds of a Memory Buffer
description	The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Exploits

Severity_range_score 7.5 - 9.8

Exploitability 0.5

Weighted_severity 8.8

Risk_score 4.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9pd6-v7d1-9qem

Vulnerability Instance