Vulnerability Description
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Traffic Server | >= 8.0.0, <= 8.1.4 |
| Debian | Debian Linux | 10.0 |
| Fedoraproject | Fedora | 35 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21Mailing ListVendor Advisory
- https://lists.debian.org/debian-lts-announce/2023/01/msg00019.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.debian.org/security/2022/dsa-5206Third Party Advisory
- https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21Mailing ListVendor Advisory
- https://lists.debian.org/debian-lts-announce/2023/01/msg00019.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://www.debian.org/security/2022/dsa-5206Third Party Advisory
FAQ
What is CVE-2021-37150?
CVE-2021-37150 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
How severe is CVE-2021-37150?
CVE-2021-37150 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37150?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server, Debian Debian Linux, Fedoraproject Fedora.