CVE-2021-37150
HIGH7.5EPSS 1.2%trafficserver - security update
Published: 8/10/2022Modified: 4/28/2026
Description
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
Affected packages (3)
- Debian/trafficserverfrom 0, < 8.1.5+ds-1~deb11u1
- Debian/trafficserverfrom 0, < 8.0.2+ds-1+deb10u7
- Debian/trafficserverfrom 0, < 8.1.5+ds-1~deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |