How severe is CVE-2021-32565?

CVE-2021-32565 has a CVSS v3 score of 7.5 (HIGH).

CVE-2021-32565

Name: debian_linux
Author: debian

7.5HIGH

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0

发布于: 6/29/2021更新于: 11/21/2024

描述

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

AI分析AI驱动

受影响产品

apachetraffic_server

debiandebian_linux

10.0

参考资料

https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E
Mailing ListVendor Advisory
https://www.debian.org/security/2021/dsa-4957
Third Party Advisory
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E
Mailing ListVendor Advisory
https://www.debian.org/security/2021/dsa-4957
Third Party Advisory