VDB

DEBIAN-CVE-2021-3618

DEBIAN-CVE-2021-3618 PUBLISHED CVSS 7.4 HIGH

ALPACA is an application layer protocol content confusion attack that exploits TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker with access to the victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS, and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

Risk Scores

CVSS 3.1
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | sendmail | 0, 0, 0 |
| Debian:14 | sendmail | 0, 0, 0 |
| Debian:13 | nginx | 0, 0, 0 |
| Debian:13 | vsftpd | 0, 0, 0 |
| Debian:12 | nginx | 0, 0, 0 |
| Debian:13 | sendmail | 0, 0, 0 |
| Debian:14 | nginx | 0, 0, 0 |
| Debian:12 | vsftpd | 3.0.5-0.5, 3.0.5-0.3, 3.0.5-0.1 |
| Debian:14 | vsftpd | 0, 0, 0 |
| Debian:11 | nginx | 0, 1.18.0-6.1, 1.18.0-6.1 |
| Debian:11 | sendmail | 8.18.1-7, 8.15.2-22, 8.15.2-22+deb11u1 |
| Debian:11 | vsftpd | 3.0.5-0.5, 3.0.5-0.4, 3.0.5-0.3 |

Exploit Intelligence

Timeline

  • Mar 23, 2022 CVE Published
  • Apr 28, 2026 CVE Updated