VulnerableCode Package Details - pkg:deb/debian/trafficserver@8.1.11%2Bds-0%2Bdeb11u1?distro=sid

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-esap-nkps-cfg9	Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.	CVE-2024-35296
VCID-jb1b-9gr2-suez	Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.	CVE-2024-35161
VCID-rw58-bnwt-2bam	Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.	CVE-2023-38522

Vulnerability

Summary

Aliases

VCID-esap-nkps-cfg9

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

CVE-2024-35296

VCID-jb1b-9gr2-suez

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

CVE-2024-35161

VCID-rw58-bnwt-2bam

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

CVE-2023-38522

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:12:21.358185+00:00	Debian Importer	Fixing	VCID-jb1b-9gr2-suez	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:13:44.388694+00:00	Debian Importer	Fixing	VCID-rw58-bnwt-2bam	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:58:05.572078+00:00	Debian Importer	Fixing	VCID-esap-nkps-cfg9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:05:19.440276+00:00	Debian Importer	Fixing	VCID-jb1b-9gr2-suez	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:38:07.087547+00:00	Debian Importer	Fixing	VCID-rw58-bnwt-2bam	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:00:56.898128+00:00	Debian Importer	Fixing	VCID-esap-nkps-cfg9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:55:34.881982+00:00	Debian Importer	Fixing	VCID-esap-nkps-cfg9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:34.834046+00:00	Debian Importer	Fixing	VCID-jb1b-9gr2-suez	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:55:34.566051+00:00	Debian Importer	Fixing	VCID-rw58-bnwt-2bam	https://security-tracker.debian.org/tracker/data/json	38.1.0