CVE-2021-37148

2021-11-0300:00:00

ubuntu.com

apache

traffic server

input validation

header parsing

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

55.5%

JSON

Improper input validation vulnerability in header parsing of Apache Traffic
Server allows an attacker to smuggle requests. This issue affects Apache
Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchtrafficserver< anyUNKNOWN
ubuntu20.04noarchtrafficserver< anyUNKNOWN
ubuntu22.04noarchtrafficserver< anyUNKNOWN
ubuntu24.04noarchtrafficserver< anyUNKNOWN
ubuntu16.04noarchtrafficserver< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	trafficserver	< any	UNKNOWN
ubuntu	20.04	noarch	trafficserver	< any	UNKNOWN
ubuntu	22.04	noarch	trafficserver	< any	UNKNOWN
ubuntu	24.04	noarch	trafficserver	< any	UNKNOWN
ubuntu	16.04	noarch	trafficserver	< any	UNKNOWN