VDB
CVE-2021-32567
CVE-2021-32567
PUBLISHED
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
EPSS 7.93% · 92.2th percentile
Risk Scores
EPSS Score
7.93%
92.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | trafficserver | 0, 5.3.0-2ubuntu2, 5.3.0-2ubuntu1 |
| Ubuntu:18.04:LTS | trafficserver | 0, 7.1.2+ds-2build1, 7.1.2+ds-3 |
| Ubuntu:Pro:20.04:LTS | trafficserver | 8.0.5+ds-2, 8.0.5+ds-2ubuntu1, 8.0.5+ds-2build1 |
Exploit Intelligence
Timeline
- Jun 30, 2021 EPSS Score
- Jun 30, 2021 CVE Published
- Aug 15, 2021 EPSS Score
- Aug 29, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 26, 2022 EPSS Score
- Apr 27, 2022 EPSS Score
- Aug 26, 2022 EPSS Score
- Oct 25, 2022 EPSS Score
- Feb 22, 2023 EPSS Score
- Apr 24, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32567 third-party-advisory
- https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E third-party-advisory
- https://github.com/apache/trafficserver/pull/7945 third-party-advisory
- https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed third-party-advisory
- https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32567 third-party-advisory