UBUNTU-CVE-2021-37147

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-37147

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-37147.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-37147

Related

CVE-2021-37147

Published

2021-11-03T16:15:00Z

Modified

2024-10-15T14:08:17Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

References

Affected packages

Ubuntu:Pro:16.04:LTS / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.3.0-2ubuntu1

5.3.0-2ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.0-5

7.1.2+ds-2

7.1.2+ds-2build1

7.1.2+ds-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.0.5+ds-1

8.0.5+ds-2

8.0.5+ds-2build1

8.0.5+ds-2ubuntu1

8.0.5+ds-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1.1+ds-1.1

9.*

9.1.1+ds-2build1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.2.3+ds-1+deb12u1build4

9.2.4+ds-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.2.1+ds-1build1

9.2.2+ds-1

9.2.3+ds-1

9.2.3+ds-1+deb12u1

9.2.3+ds-1+deb12u1build1

9.2.3+ds-1+deb12u1build3

9.2.3+ds-1+deb12u1build4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}