CVE-2021-41585

Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.

Published: Nov 3, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-41585
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
apache / traffic_server	8.0.0	8.1.2.x
apache / traffic_server	9.0.0	9.1.0.x

https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164

Vulnerability Database

289,599

CVE-2021-41585