Unrated severityNVD Advisory· Published Jun 29, 2021· Updated Aug 3, 2024
Incorrect handling of url fragment leads to cache poisoning
CVE-2021-27577
Description
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Affected products
27.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1+ 1 more
- (no CPE)range: 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1
- (no CPE)range: Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1
Patches
Vulnerability mechanics
References
2- www.debian.org/security/2021/dsa-4957mitrevendor-advisoryx_refsource_DEBIAN
- lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3Emitrex_refsource_MISC
News mentions
0No linked articles in our index yet.