CVE-2021-27577
published 2021-06-29CVE-2021-27577: Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | traffic_server | 7.0.0 – 7.1.12 | — |
| apache | traffic_server | 8.0.0 – 8.1.1 | — |
| apache | traffic_server | 9.0.0 – 9.0.1 | — |
| apache_software_foundation | apache_traffic_server | — | — |
| debian | debian_linux | — | — |
| debian | trafficserver | < trafficserver 8.1.1+ds-1.1 (bookworm) | trafficserver 8.1.1+ds-1.1 (bookworm) |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH