CVE-2021-37150

Sažetak

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Reference

https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A/
https://www.debian.org/security/2022/dsa-5206
https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
https://lists.debian.org/debian-lts-announce/2023/01/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A/
https://www.debian.org/security/2022/dsa-5206

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

08-09-2025 - 19:15

Objavljeno

10-08-2022 - 06:15