CVE-2021-38161

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-38161

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38161.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-38161

Related

Published

2021-11-03T16:15:08Z

Modified

2025-01-08T08:16:59.804811Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.

References

Affected packages

Debian:11 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.1+ds-1.1+deb11u1

Affected versions

8.*

8.1.1+ds-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.0+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/trafficserver

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficserver
Events: Introduced

b310e3566f58dd04ec2b15b111ec86ea70e20019

Last affected

a29528dffb8ea1c6fa57fe0c76ca1ec9d0f08694

Affected versions

8.*

8.0.0

8.0.0-rc4

8.0.1

8.0.1-rc0

8.0.2

8.0.2-rc0

8.0.3

8.0.3-rc0

8.0.4

8.0.4-rc0

8.0.5

8.0.6

8.0.6-rc0

8.0.6-rc1

8.0.7

8.0.7-rc0

8.0.8

8.0.8-rc0