CVE-2021-27577

Severity: 7.5 HIGH
EPSS: 1.2% (top 21.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 29; Latest update May 24

Description

Incorrect handling of URL fragments in Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: apache/traffic_server, 7.0.0 to 7.1.12 (+2)
CVEListV5: apache_software_foundation/apache_traffic_server, Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1
Debian: trafficserver, < 8.1.1+ds-1.1+1

Also affects: Debian Linux 8.0

🔴 Vulnerability Details (3)

GHSA: GHSA-m6m2-j477-jfg8: Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache (2022-05-24)
OSV: CVE-2021-27577: Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache (2021-06-29)
CVEList: Incorrect handling of url fragment leads to cache poisoning (2021-06-29)

📋 Vendor Advisories (1)

Debian: CVE-2021-27577: trafficserver - Incorrect handling of url fragment vulnerability of Apache Traffic Server allows... (2021)
CVE-2021-27577 (HIGH CVSS 7.5) | Incorrect handling of url fragment | cvebase.io