CVE-2021-44040

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.

Published: Mar 23, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-44040
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
apache / traffic_server	9.0.0	9.1.1.x
apache / traffic_server	8.0.0	8.1.3.x
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x

https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6
https://www.debian.org/security/2022/dsa-5153

Vulnerability Database

289,599

CVE-2021-44040