CVE-2021-44759

CWE-287 — Improper Authentication5 documents5 sources

Severity

8.1HIGH

EPSS

2.0%

top 16.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Traffic Server Apache Software Foundation Apache Traffic Server Debian Debian Linux

Timeline

PublishedMar 23

Latest updateMar 24

Description

Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶NVDapache/traffic_server8.0.0 — 8.1.0

▶CVEListV5apache_software_foundation/apache_traffic_server8.0.0 to 8.1.0

▶Debiantrafficserver< 8.1.1+ds-1.1+deb11u1+1

Also affects: Debian Linux 10.0, 11.0

🔴Vulnerability Details

GHSA

GHSA-qwcg-95jm-56j3: Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack↗2022-03-24

▶

CVEList

Improper authentication vulnerability in TLS origin verification↗2022-03-23

▶

OSV

CVE-2021-44759: Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack↗2022-03-23

▶

📋Vendor Advisories

Debian

CVE-2021-44759: trafficserver - Improper Authentication vulnerability in TLS origin validation of Apache Traffic...↗2021

▶