CVE-2021-27577

Summary

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Traffic ServerApache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1affected

Weaknesses

  • CWE-444: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

ADP Enrichment

CVE Program Container

Additional References

References