Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
References
Link | Resource |
---|---|
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E | Mailing List Vendor Advisory |
https://www.debian.org/security/2021/dsa-4957 | Third Party Advisory |
Configurations
History
20 Sep 2021, 18:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |
References |
|
06 Jul 2021, 15:28
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E - Mailing List, Vendor Advisory | |
CWE | CWE-444 | |
CPE | cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* |
29 Jun 2021, 12:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-29 12:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-27577
Mitre link : CVE-2021-27577
CVE.ORG link : CVE-2021-27577
JSON object : View
Products Affected
apache
- traffic_server
debian
- debian_linux
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')