Description

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

Remediation

References

CVE-2021-37147

Related Vulnerabilities

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-4313)

MySQL CVE-2016-9843 Vulnerability (CVE-2016-9843)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9411)

Oracle Application Server Other Vulnerability (CVE-2001-1372)

Apache Tomcat version older than 6.0.9

Severity

High

Classification

CVE-2021-37147 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities