CVE-2021-44040

Severity: 7.5 HIGH
EPSS: 3.3% (top 12.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 23
Latest update: Mar 24

Description

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD | apache/traffic_server | 8.0.0 to 8.1.3 | +1
CVEListV5 | apache_software_foundation/apache_traffic_server | 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1
Debian | trafficserver | < 8.1.1+ds-1.1+deb11u1 | +1

Also affects: Debian Linux 10.0, 11.0

🔴 Vulnerability Details (3)

GHSA: GHSA-6h7p-g96p-26q3: Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests (2022-03-24)
OSV: CVE-2021-44040: Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests (2022-03-23)
CVEList: HTTP request line fuzzing attacks (2022-03-23)

📋 Vendor Advisories (1)

Debian: CVE-2021-44040: trafficserver - Improper Input Validation vulnerability in request line parsing of Apache Traffi... (2021)