CVE-2021-37150
published 2022-08-10CVE-2021-37150: Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | traffic_server | 8.0.0 – 8.1.4 | — |
| apache | traffic_server | 9.0.0 – 9.1.2 | — |
| apache_software_foundation | apache_traffic_server | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | trafficserver | < trafficserver 9.1.3+ds-1 (bookworm) | trafficserver 9.1.3+ds-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.5HIGH