The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting Apache Traffic Server.
Technical Details
Security researchers discovered a critical vulnerability in Apache Traffic Server that allows remote attackers to cause a denial of service (DoS) through memory resource exhaustion.
This vulnerability affects the Edge Side Includes (ESI) plugin.
This specific attack can be executed remotely without requiring authentication or privileged access.
The vulnerability has a high CVSS score of 7.5.
Affected Versions:
• ATS 9.0.0 to 9.2.10 and ATS 10.0.0 to 10.0.5
Recommendations
The Digital Security Authority recommends upgrading Apache Traffic Server according to the installed version:
• 9.x users should upgrade to 9.2.11 or later versions
• 10.x users should upgrade to 10.0.6 or later versions
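The following triage helper is an added example, not part of the original advisory or of the Apache Traffic Server project. It checks a version string against the ranges listed above and reports whether a configuration file references the ESI plugin. It assumes the plugin is loaded as esi.so from plugin.config or remap.config; the function names and sample inputs are constructed for illustration.

```python
import re

# Inclusive affected ranges and first fixed releases, as listed in the advisory.
AFFECTED = [((9, 0, 0), (9, 2, 10)), ((10, 0, 0), (10, 0, 5))]
FIXED = {9: (9, 2, 11), 10: (10, 0, 6)}

# Constructed sample inputs (not taken from a real host).
SAMPLE_BANNER = "Traffic Server 9.2.10"
SAMPLE_REMAP = "map http://www.example.com/ http://origin.example.com/ @plugin=esi.so\n"
SAMPLE_PLUGIN = "# esi.so\nstats_over_http.so\n"


def parse_version(text):
    """Extract the first x.y.z version found in a string."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version):
    """True if the version tuple falls inside one of the advisory's ranges."""
    return any(low <= version <= high for low, high in AFFECTED)


def esi_referenced(config_text):
    """True if a non-comment line names esi.so (assumed plugin file name)."""
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # whole-line comment, plugin not active here
        if re.search(r"(?:^|[\s=/])esi\.so(?=\s|$)", line):
            return True
    return False


def triage(version_text, configs):
    """Combine the version check and the ESI check for one host."""
    version = parse_version(version_text)
    affected = is_affected(version)
    return {
        "version": version,
        "affected": affected,
        "esi_referenced": any(esi_referenced(c) for c in configs),
        "upgrade_to": FIXED.get(version[0]) if affected else None,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, [SAMPLE_PLUGIN, SAMPLE_REMAP]))
```

A host in an affected range should be upgraded whether or not the ESI plugin is referenced; the ESI flag only helps order the work.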
References
The information presented in this report is based on available data up to the 20th of June 2025.