CVE-2021-37147

Опубликовано: 03 нояб. 2021

Источник: debian

EPSS Низкий

Описание

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
trafficserver	fixed	9.1.1+ds-1		package

Примечания

https://www.openwall.com/lists/oss-security/2021/11/02/11
https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56 (master)
https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d (8.1.x)
https://github.com/apache/trafficserver/pull/8460

EPSS

Процентиль: 72%

0.00718

Низкий

Связанные уязвимости

CVE-2021-37147

CVSS3: 7.5

ubuntu

почти 4 года назад

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

CVE-2021-37147

CVSS3: 7.5

nvd

почти 4 года назад

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

GHSA-2c64-8v4j-vw3m

CVSS3: 7.5

github

около 3 лет назад

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

EPSS

Процентиль: 72%

0.00718

Низкий