CVE-2021-32565

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32565
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32565.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32565
Downstream
Published
2021-06-29T12:15:08Z
Modified
2025-09-19T12:56:56.960403Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

References

Affected packages

Git / github.com/apache/trafficserver

Affected versions

8.*

8.0.0
8.0.0-rc4
8.0.1
8.0.1-rc0
8.0.2
8.0.2-rc0
8.0.3
8.0.3-rc0
8.0.4
8.0.4-rc0
8.0.5
8.0.6
8.0.6-rc0
8.0.6-rc1
8.1.0
8.1.0-rc0
8.1.1
8.1.1-rc0

9.*

9.0.0
9.0.0-rc1
9.0.1
9.0.1-rc0
9.0.1-rc1