CVE-2021-37147

Summary

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Traffic Server8.0.0 to 8.1.2 and 9.0.0 to 9.1.0affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation
  • CWE-444: CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

ADP Enrichment

CVE Program Container

Additional References

References