CVE-2021-37148

Опубликовано: 03 нояб. 2021

Источник: debian

EPSS Низкий

Описание

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
trafficserver	fixed	9.1.1+ds-1		package

Примечания

https://www.openwall.com/lists/oss-security/2021/11/02/11
https://github.com/apache/trafficserver/pull/8457/
https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master)
https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x)

EPSS

Процентиль: 69%

0.0062

Низкий

Связанные уязвимости

CVE-2021-37148

CVSS3: 7.5

ubuntu

больше 4 лет назад

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

CVE-2021-37148

CVSS3: 7.5

nvd

больше 4 лет назад

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

GHSA-p9mw-v4q4-qhvj

CVSS3: 7.5

github

больше 3 лет назад

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

EPSS

Процентиль: 69%

0.0062

Низкий