VDB
CVE-2021-27577
CVE-2021-27577
PUBLISHED
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
EPSS 1.21% · 79.3th percentile
Risk Scores
EPSS Score
1.21%
79.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | trafficserver | 8.0.5+ds-3, 8.0.5+ds-3ubuntu0.1~esm1, * |
| Ubuntu:18.04:LTS | trafficserver | 0, 7.0.0-5, 7.1.2+ds-2 |
Exploit Intelligence
Timeline
- Apr 13, 2021 CVE Published
- Jun 30, 2021 EPSS Score
- Jul 7, 2021 EPSS Score
- Aug 29, 2021 EPSS Score
- Oct 28, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 26, 2022 EPSS Score
- Apr 27, 2022 EPSS Score
- Jun 26, 2022 EPSS Score
- Oct 25, 2022 EPSS Score
- Dec 24, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-27577 third-party-advisory
- https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E third-party-advisory
- https://github.com/apache/trafficserver/pull/7945 third-party-advisory
- https://github.com/apache/trafficserver/commit/2b13eb33794574e62249997b4ba654d943a10f2d third-party-advisory
- https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-27577 third-party-advisory