Vulnerability Description
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Traffic Server | >= 8.0.0, <= 8.1.2 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164Mailing ListPatchVendor Advisory
- https://www.debian.org/security/2022/dsa-5153Third Party Advisory
- https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164Mailing ListPatchVendor Advisory
- https://www.debian.org/security/2022/dsa-5153Third Party Advisory
FAQ
What is CVE-2021-37149?
CVE-2021-37149 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
How severe is CVE-2021-37149?
CVE-2021-37149 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37149?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server, Debian Debian Linux.