Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 | Mailing List Patch Vendor Advisory |
https://www.debian.org/security/2022/dsa-5153 | Third Party Advisory |
Configurations
History
14 Oct 2022, 11:54
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5153 - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
02 Jun 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Nov 2021, 18:47
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* | |
References | (MISC) https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 - Mailing List, Patch, Vendor Advisory |
03 Nov 2021, 16:19
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-03 16:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-37148
Mitre link : CVE-2021-37148
CVE.ORG link : CVE-2021-37148
JSON object : View
Products Affected
apache
- traffic_server
debian
- debian_linux
CWE
CWE-20
Improper Input Validation