CVE-2021-37150
Published: 10 August 2022
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
trafficserver Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| jammy |
Needs triage
|
|
| kinetic |
Needs triage
|
|
| lunar |
Not vulnerable
(9.1.3+ds-1)
|
|
| trusty |
Ignored
(out of standard support)
|
|
| upstream |
Released
(9.1.3+ds-1)
|
|
| xenial |
Needs triage
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |