CVE-2021-32565

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32565

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32565.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32565

Related

Published

2021-06-29T12:15:08Z

Modified

2024-10-12T07:34:11.824984Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

References

Affected packages

Debian:11 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.1+ds-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.1+ds-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/trafficserver

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficserver
Events: Introduced

b14030656330ed623cd1f9efe2f4f9abd9d16e29

Last affected

3bb1ae9fa5c71b8e65cb782f402d8780b522693d

Introduced

6c1c6cf20e7d0e287d697a0f4181436013d17c30

Last affected

8e8bf8c583d55e46c4de34cccee0c4c5df83e979

Introduced

b310e3566f58dd04ec2b15b111ec86ea70e20019

Last affected

c71b082690599c6da5efe981175fcb9a1a961a1b

Affected versions

8.*

8.0.0

8.0.0-rc4

8.0.1

8.0.1-rc0

8.0.2

8.0.2-rc0

8.0.3

8.0.3-rc0

8.0.4

8.0.4-rc0

8.0.5

8.0.6

8.0.6-rc0

8.0.6-rc1

8.1.0

8.1.0-rc0

8.1.1

8.1.1-rc0

9.*

9.0.0

9.0.0-rc1

9.0.1

9.0.1-rc0

9.0.1-rc1