CVE-2021-32565

Summary

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Traffic ServerApache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1affected

Weaknesses

  • CWE-444: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

ADP Enrichment

CVE Program Container

Additional References

References