UBUNTU-CVE-2021-37149

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2021-37149

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-37149.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-37149

Upstream

CVE-2021-37149

Published

2021-11-03T16:15:00Z

Modified

2026-02-12T19:05:10.826732Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

References

Affected packages

Ubuntu:16.04:LTS / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver@5.3.0-2ubuntu2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.3.0-2ubuntu1

5.3.0-2ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.3.0-2ubuntu2",
            "binary_name": "trafficserver"
        },
        {
            "binary_version": "5.3.0-2ubuntu2",
            "binary_name": "trafficserver-dev"
        },
        {
            "binary_version": "5.3.0-2ubuntu2",
            "binary_name": "trafficserver-experimental-plugins"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-37149.json"

Ubuntu:18.04:LTS / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver@7.1.2+ds-3?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.0-5

7.1.2+ds-2

7.1.2+ds-2build1

7.1.2+ds-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.1.2+ds-3",
            "binary_name": "trafficserver"
        },
        {
            "binary_version": "7.1.2+ds-3",
            "binary_name": "trafficserver-dev"
        },
        {
            "binary_version": "7.1.2+ds-3",
            "binary_name": "trafficserver-experimental-plugins"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-37149.json"

Ubuntu:Pro:20.04:LTS / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/ubuntu/trafficserver@8.0.5+ds-3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.0.5+ds-1

8.0.5+ds-2

8.0.5+ds-2build1

8.0.5+ds-2ubuntu1

8.0.5+ds-3

8.0.5+ds-3ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "8.0.5+ds-3ubuntu0.1~esm1",
            "binary_name": "trafficserver"
        },
        {
            "binary_version": "8.0.5+ds-3ubuntu0.1~esm1",
            "binary_name": "trafficserver-dev"
        },
        {
            "binary_version": "8.0.5+ds-3ubuntu0.1~esm1",
            "binary_name": "trafficserver-experimental-plugins"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-37149.json"