Assigner | apache |
Reserved | 2021-07-21 |
Published | 2021-11-03 |
Updated | 2024-06-10 |
Description
Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.
Problem types
CWE-20 Improper Input Validation
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Product status
Credits
Apache Traffic Server would like to thank Mattias Grenfeldt and Asta Olofsson for reporting this issue.
References
https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164
https://www.debian.org/security/2022/dsa-5153 (DSA-5153)