CVE-2021-37148

high

Description

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

References

https://www.debian.org/security/2022/dsa-5153

https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164

Details

Source: Mitre, NVD

Published: 2021-11-03

Updated: 2022-10-14

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High