CVE-2021-32565
HIGH7.5EPSS 5.7%Published: 6/29/2021Modified: 4/28/2026
Also known as:DEBIAN-CVE-2021-32565
Description
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Affected packages (1)
- Debian/trafficserverfrom 0, < 8.1.1+ds-1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |