Lucene search

ApacheCVE-2021-32566

HistoryJun 30, 2021 - 8:15 a.m.

CVE-2021-32566

2021-06-3008:15:06

CWE-20

apache

web.nvd.nist.gov

cve-2021-32566

apache traffic server

http/2

input validation

dos

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

41.4%

JSON

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Affected configurations

Nvd

Vulners

Node

apachetraffic_serverRange7.0.0–7.1.12

apachetraffic_serverRange8.0.0–8.1.1

apachetraffic_serverRange9.0.0–9.0.1

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
apachetraffic_server*cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	traffic_server	*	cpe:2.3:a:apache:traffic_server::::::::
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*

CNA Affected

[
  {
    "product": "Apache Traffic Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1"
      }
    ]
  }
]