CVE-2021-27577

Published: 29/06/2021 Updated: 20/09/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

An incorrect handling of URL fragment vulnerability in Apache Traffic Server allows a malicious user to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, and 9.0.0 to 9.0.1.

Vulnerable Product

apache traffic server

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #990303 trafficserver: Apache Traffic Server is vulnerable to various HTTP/1.x and HTTP/2 attacks. Package: trafficserver; Maintainer for trafficserver is Jean Baptiste Favre <debian@jbfavre.org>; Source for trafficserver is src:trafficserver (PTS, buildd, popcon). Reported by: Lorenzo Maurizi <lma ...

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling or cache poisoning. For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u5. We recommend that you upgrade your trafficserver packages. For t ...