Vulnerability Description
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.
CVSS Score
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Traffic Server | >= 8.0.0, <= 8.0.8 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164Mailing ListPatchVendor Advisory
- https://www.debian.org/security/2022/dsa-5153Third Party Advisory
- https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164Mailing ListPatchVendor Advisory
- https://www.debian.org/security/2022/dsa-5153Third Party Advisory
FAQ
What is CVE-2021-38161?
CVE-2021-38161 is a vulnerability with a CVSS score of 8.1 (HIGH). Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.
How severe is CVE-2021-38161?
CVE-2021-38161 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38161?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server, Debian Debian Linux.