Unrated severityNVD Advisory· Published Jun 29, 2021· Updated Aug 3, 2024
HTTP Request Smuggling, content length with invalid charters
CVE-2021-32565
Description
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Affected products
27.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1+ 1 more
- (no CPE)range: 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1
- (no CPE)range: Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1
Patches
Vulnerability mechanics
References
2- www.debian.org/security/2021/dsa-4957mitrevendor-advisoryx_refsource_DEBIAN
- lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3Emitrex_refsource_MISC
News mentions
0No linked articles in our index yet.