VulnerableCode Package Details - pkg:deb/ubuntu/trafficserver@8.0.5%2Bds-2

Search for packages

Package details: pkg:deb/ubuntu/trafficserver@8.0.5%2Bds-2

Essentials
History (0)

purl	pkg:deb/ubuntu/trafficserver@8.0.5%2Bds-2

Next non-vulnerable version	8.0.5+ds-3
Latest non-vulnerable version	8.0.5+ds-3
Risk	4.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-tbrp-5sm7-aaak Aliases: CVE-2019-9518	Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.	8.0.5+ds-3 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-syec-8mxh-aaar	Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn't limit the number of setting frames sent from the client using the HTTP/2 protocol. Users should upgrade to Apache Traffic Server 7.1.7, 8.0.4, or later versions.	CVE-2019-10079

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version