6.8
CVSSv2

CVE-2021-38161

Published: 03/11/2021 Updated: 25/10/2022
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache traffic server

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling or MITM attacks For the oldstable distribution (buster), these problems have been fixed in version 802+ds-1+deb10u6 For the stable distribution (bullseye), these problems have been fixed in version 8 ...