THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2021-37147

Request Smuggling - LF line ending

Assignerapache
Reserved2021-07-21
Published2021-11-03
Updated2024-06-10

Description

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

Problem types

CWE-20 Improper Input Validation

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Product status

8.0.0 to 8.1.2 and 9.0.0 to 9.1.0
affected

Credits

Apache Traffic Server would like to thank Mattias Grenfeldt and Asta Olofsson for reporting this issue.

References

https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164

https://www.debian.org/security/2022/dsa-5153 (DSA-5153) vendor-advisory

cve.org CVE-2021-37147

nvd.nist.gov CVE-2021-37147

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2021-37147
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +