How severe is CVE-2021-32565?

CVE-2021-32565 has a CVSS v3 score of 7.5 (HIGH).

CVE-2021-32565

Name: debian_linux
Author: debian

7.5HIGH

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0

Publicado: 6/29/2021Actualizado: 11/21/2024

Descripción

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Análisis IAImpulsado por IA

Productos Afectados

apachetraffic_server

debiandebian_linux

10.0

Referencias

https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E
Mailing ListVendor Advisory
https://www.debian.org/security/2021/dsa-4957
Third Party Advisory
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E
Mailing ListVendor Advisory
https://www.debian.org/security/2021/dsa-4957
Third Party Advisory