CVE-2021-37147

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

Published: Nov 3, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-37147
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-20
CWE-444

Affected Software
References

Software	From	Fixed in
apache / traffic_server	8.0.0	8.1.2.x
apache / traffic_server	9.0.0	9.1.0.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x

https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164
https://www.debian.org/security/2022/dsa-5153

Vulnerability Database

289,599

CVE-2021-37147