Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 | Mailing List Patch Vendor Advisory |
https://www.debian.org/security/2022/dsa-5153 | Third Party Advisory |
https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 | Mailing List Patch Vendor Advisory |
https://www.debian.org/security/2022/dsa-5153 | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164 - Mailing List, Patch, Vendor Advisory | |
References | () https://www.debian.org/security/2022/dsa-5153 - Third Party Advisory |
Information
Published : 2021-11-03 16:15
Updated : 2024-11-21 06:14
NVD link : CVE-2021-37149
Mitre link : CVE-2021-37149
CVE.ORG link : CVE-2021-37149
JSON object : View
Products Affected
apache
- traffic_server
debian
- debian_linux
CWE
CWE-20
Improper Input Validation