CVE-2021-37149
published 2021-11-03CVE-2021-37149: Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | traffic_server | 8.0.0 – 8.1.2 | — |
| apache | traffic_server | 9.0.0 – 9.1.0 | — |
| apache_software_foundation | apache_traffic_server | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | trafficserver | < trafficserver 9.1.1+ds-1 (bookworm) | trafficserver 9.1.1+ds-1 (bookworm) |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv7.5HIGH