THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2021-37147

Request Smuggling - LF line ending

Reserved:2021-07-21
Published:2021-11-03
Updated:2024-06-10

Description

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

Problem types

CWE-20 Improper Input Validation

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Product status

8.0.0 to 8.1.2 and 9.0.0 to 9.1.0
affected

Credits

Apache Traffic Server would like to thank Mattias Grenfeldt and Asta Olofsson for reporting this issue.

References

https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164

https://www.debian.org/security/2022/dsa-5153 (DSA-5153) vendor-advisory

cve.org CVE-2021-37147

nvd.nist.gov CVE-2021-37147

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2021-37147