CVE-2021-32565
PUBLISHED
Invalid values in the Content-Length header sent to Apache Traffic Server allow an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, and 9.0.0 to 9.0.1.
Risk Scores
EPSS Score: 5.67% (90.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | trafficserver | 0, 8.0.5+ds-1, 8.0.5+ds-2 |
| Ubuntu:18.04:LTS | trafficserver | 0, 7.0.0-5, 7.1.2+ds-2 |
| Ubuntu:16.04:LTS | trafficserver | 0, 5.3.0-2ubuntu1, 5.3.0-2ubuntu2 |
Timeline
- Apr 13, 2021 CVE Published
- Jun 30, 2021 EPSS Score
- Aug 15, 2021 EPSS Score
- Aug 29, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 26, 2022 EPSS Score
- Apr 27, 2022 EPSS Score
- Aug 26, 2022 EPSS Score
- Oct 25, 2022 EPSS Score
- Feb 22, 2023 EPSS Score
- Jun 23, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32565 third-party-advisory
- https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E third-party-advisory
- https://github.com/apache/trafficserver/pull/7945 third-party-advisory
- https://github.com/apache/trafficserver/commit/668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca third-party-advisory
- https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32565 third-party-advisory