CVE-2021-37150

HIGH7.5EPSS 1.2%

trafficserver - security update

Published: 8/10/2022Modified: 3/9/2026

Also known as:DSA-5206-1DEBIAN-CVE-2021-37150DEBIAN-CVE-2022-25763DEBIAN-CVE-2022-28129DEBIAN-CVE-2022-31778DEBIAN-CVE-2022-31779DEBIAN-CVE-2022-31780

Description

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Affected packages (3)

Debian/trafficserverfrom 0, < 8.1.5+ds-1~deb11u1
Debian/trafficserverfrom 0, < 8.0.2+ds-1+deb10u7
Debian/trafficserverfrom 0, < 8.1.5+ds-1~deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-37150