CVE-2021-32813
Published: 2021-08-03
Priority: P3 (42) · CVSS 3.1: 8.1 High · AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.10% (61.5th percentile)
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, Traefik mishandled the request Connection header. Per RFC 7230 section 6.1 a proxy removes every header named in Connection (they are hop-by-hop) before forwarding the request; Traefik applied that removal only after its middleware chain had run, so a client that lists a header name in Connection could cancel a header a middleware had just added. Active exploitation is unlikely, since it only matters where a dropped header would lead to privilege escalation, but the Traefik team addressed the issue to prevent any potential abuse. Concretely: if a chain of Traefik middlewares includes one that sets a request header, a request whose Connection header names that header causes it to be removed before the request is forwarded, so the backend never sees it. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | traefik_traefik | 0 – 1.7.30 | — |
| github.com | traefik_traefik_v2 | >= 0 < 2.4.13 | 2.4.13 |
| traefik | traefik | < 2.4.13 | 2.4.13 |
| traefik | traefik | <= 1.7.30 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
OSV (2024-08-21): CVE-2021-32813, Header dropping in traefik in github.com/traefik/traefik
GHSA (2021-08-05): CVE-2021-32813 [MEDIUM] CWE-913, Header dropping in traefik
# Impact
There exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse.
# Details
If you have a chain of Traefik middlewares, and one of them sets a request header `Important-Security-Header`, then sending a request with the following Connection header will cause it to be removed before the request was sent:
```
# -0 sends the request as HTTP/1.0; Connection names the header the client wants the proxy to strip
curl 'https://example.com' -H "Connection: Important-Security-Header" -0
```
In this case, the backend does not see the request header `Important-Security-Header`.
# Patches
Traefik v2.4.x: https://github.com/traefi
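The curl request above works because Go's `httputil.ReverseProxy` (which Traefik is built on) deletes every header named in the client's Connection header when it builds the upstream request, and in a vulnerable chain that deletion happens after the middleware has added its header. The following Go program is an added example, not Traefik's code and not the project's patch: it runs one request through a vulnerable chain (middleware, then proxy) and through a fixed chain that strips Connection-listed headers, and Connection itself, before any middleware runs, so nothing added later can be cancelled by the client. The `captureTransport`, the `backend.internal` upstream (never contacted), the header value `trusted` and the `stripConnectionListed` middleware are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// captureTransport stands in for the backend (hypothetical): it records the
// headers the proxy actually sent upstream and returns a canned 200 response.
type captureTransport struct {
	seen http.Header
}

func (c *captureTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	c.seen = req.Header.Clone()
	return &http.Response{
		StatusCode: http.StatusOK,
		Header:     make(http.Header),
		Body:       io.NopCloser(strings.NewReader("ok")),
		Request:    req,
	}, nil
}

// setHeader plays the role of a Traefik middleware that adds a request header
// the backend is meant to trust (for example an identity asserted by the proxy).
func setHeader(name, value string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Set(name, value)
		next.ServeHTTP(w, r)
	})
}

// stripConnectionListed is the example fix: apply RFC 7230 section 6.1 at the
// entry point, before any middleware runs. Headers the client named in
// Connection are deleted here, and Connection itself is dropped so the reverse
// proxy has nothing left to act on after the middlewares have run.
func stripConnectionListed(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, v := range r.Header.Values("Connection") {
			for _, name := range strings.Split(v, ",") {
				if name = strings.TrimSpace(name); name != "" {
					r.Header.Del(name)
				}
			}
		}
		r.Header.Del("Connection")
		next.ServeHTTP(w, r)
	})
}

// sendThrough drives one constructed request (Connection naming the header the
// middleware sets, exactly as the advisory's curl does) through the given chain
// and returns the value of Important-Security-Header as the fake backend saw it.
func sendThrough(chain func(next http.Handler) http.Handler) string {
	target, err := url.Parse("http://backend.internal") // hypothetical upstream, never contacted
	if err != nil {
		panic(err)
	}
	ct := &captureTransport{}
	proxy := httputil.NewSingleHostReverseProxy(target)
	proxy.Transport = ct

	req := httptest.NewRequest(http.MethodGet, "http://example.com/", nil)
	req.Header.Set("Connection", "Important-Security-Header")
	chain(proxy).ServeHTTP(httptest.NewRecorder(), req)
	return ct.seen.Get("Important-Security-Header")
}

// VulnerableChain: middleware sets the header, then the proxy removes it
// because the client's Connection header lists it. Returns "".
func VulnerableChain() string {
	return sendThrough(func(next http.Handler) http.Handler {
		return setHeader("Important-Security-Header", "trusted", next)
	})
}

// FixedChain: Connection-listed headers (and Connection) are stripped first,
// so the middleware's header survives to the backend. Returns "trusted".
func FixedChain() string {
	return sendThrough(func(next http.Handler) http.Handler {
		return stripConnectionListed(setHeader("Important-Security-Header", "trusted", next))
	})
}

func main() {
	fmt.Printf("vulnerable chain: backend saw Important-Security-Header=%q\n", VulnerableChain())
	fmt.Printf("fixed chain:      backend saw Important-Security-Header=%q\n", FixedChain())
}
```

The same check can be used to audit any proxy that runs header-setting middleware before a `ReverseProxy`: send a request whose Connection header names the middleware's header and confirm the backend still receives it.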
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg
https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9
https://github.com/traefik/traefik/releases/tag/v2.4.13