Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2021-27577

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

  • Published: Jun 29, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-27577
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

Software From Fixed in
apache / traffic_server 9.0.0 9.0.1.x
apache / traffic_server 8.0.0 8.1.1.x
apache / traffic_server 7.0.0 7.1.12.x
debian / debian_linux 8.0 8.0.x