CVE-2021-41585Improper Input Validation in Apache Traffic Server

CWE-20Improper Input Validation5 documents5 sources
Severity
7.5HIGHNVD
EPSS
1.0%
top 22.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Traffic ServerApache Software Foundation Apache Traffic Server
Timeline
PublishedNov 3
Latest updateMay 24

Description

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDapache/traffic_server8.0.08.1.2+1

Patches

Patch: lists.apache.orgPatch: lists.apache.org

🔴Vulnerability Details

3
GHSA
GHSA-7p26-vh5r-gh69: Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting2022-05-24
CVEList
ATS stops accepting connections on FreeBSD2021-11-03
OSV
CVE-2021-41585: Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting2021-11-03

📋Vendor Advisories

1
Debian
CVE-2021-41585: trafficserver - Improper Input Validation vulnerability in accepting socket connections in Apach...2021