CVE-2021-27577
HIGH7.5EPSS 1.2%trafficserver - security update
Published: 6/29/2021Modified: 4/28/2026
Description
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Affected packages (2)
- Debian/trafficserverfrom 0, < 8.1.1+ds-1.1
- Debian/trafficserverfrom 0, < 8.0.2+ds-1+deb10u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |