Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4957-1:8BA01
HistoryAug 13, 2021 - 8:47 p.m.

[SECURITY] [DSA 4957-1] trafficserver security update

2021-08-1320:47:09
lists.debian.org
54

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

Debian Security Advisory DSA-4957-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 13, 2021 https://www.debian.org/security/faq

Package : trafficserver
CVE ID : CVE-2021-27577 CVE-2021-32566 CVE-2021-32567
CVE-2021-35474 CVE-2021-32565

Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in denial of
service, HTTP request smuggling or cache poisoning.

For the stable distribution (buster), these problems have been fixed in
version 8.0.2+ds-1+deb10u5.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10mipseltrafficserver-experimental-plugins< 8.0.2+ds-1+deb10u5trafficserver-experimental-plugins_8.0.2+ds-1+deb10u5_mipsel.deb
Debian10mipseltrafficserver-dev< 8.0.2+ds-1+deb10u5trafficserver-dev_8.0.2+ds-1+deb10u5_mipsel.deb
Debian10armhftrafficserver-experimental-plugins-dbgsym< 8.0.2+ds-1+deb10u5trafficserver-experimental-plugins-dbgsym_8.0.2+ds-1+deb10u5_armhf.deb
Debian10ppc64eltrafficserver-dbgsym< 8.0.2+ds-1+deb10u5trafficserver-dbgsym_8.0.2+ds-1+deb10u5_ppc64el.deb
Debian10amd64trafficserver-dev< 8.0.2+ds-1+deb10u5trafficserver-dev_8.0.2+ds-1+deb10u5_amd64.deb
Debian10amd64trafficserver-experimental-plugins-dbgsym< 8.0.2+ds-1+deb10u5trafficserver-experimental-plugins-dbgsym_8.0.2+ds-1+deb10u5_amd64.deb
Debian10alltrafficserver< 8.0.2+ds-1+deb10u5trafficserver_8.0.2+ds-1+deb10u5_all.deb
Debian10amd64trafficserver-experimental-plugins< 8.0.2+ds-1+deb10u5trafficserver-experimental-plugins_8.0.2+ds-1+deb10u5_amd64.deb
Debian10ppc64eltrafficserver< 8.0.2+ds-1+deb10u5trafficserver_8.0.2+ds-1+deb10u5_ppc64el.deb
Debian10mipstrafficserver< 8.0.2+ds-1+deb10u5trafficserver_8.0.2+ds-1+deb10u5_mips.deb
Rows per page:
1-10 of 411

Related

openvas 2
osv 6
nessus 1
ubuntucve 5
prion 5
nvd 5
cve 5
cvelist 5
debiancve 5
cnvd 1
openvas
openvas
Apache Traffic Server (ATS) 7.0.0 < 8.1.2, 9.0.0 < 9.0.2 Multiple Vulnerabilities
2021-06-30 00:00:00
Debian: Security Advisory (DSA-4957-1)
2021-08-15 00:00:00
osv
osv
trafficserver - security update
2021-08-13 00:00:00
CVE-2021-32567
2021-06-30 08:15:06
CVE-2021-27577
2021-06-29 12:15:08
nessus
nessus
Debian DSA-4957-1 : trafficserver - security update
2021-08-14 00:00:00
ubuntucve
ubuntucve
CVE-2021-32566
2021-06-30 00:00:00
CVE-2021-32567
2021-06-30 00:00:00
CVE-2021-27577
2021-06-29 00:00:00
prion
prion
Design/Logic Flaw
2021-06-29 12:15:00
Input validation
2021-06-30 08:15:00
Input validation
2021-06-30 08:15:00
nvd
nvd
CVE-2021-35474
2021-06-30 08:15:06
CVE-2021-32565
2021-06-29 12:15:08
CVE-2021-32567
2021-06-30 08:15:06
cve
cve
CVE-2021-27577
2021-06-29 12:15:08
CVE-2021-32567
2021-06-30 08:15:06
CVE-2021-32565
2021-06-29 12:15:08
cvelist
cvelist
CVE-2021-32566 Specific sequence of HTTP/2 frames can cause ATS to crash
2021-06-30 07:15:19
CVE-2021-32565 HTTP Request Smuggling, content length with invalid charters
2021-06-29 11:45:20
CVE-2021-27577 Incorrect handling of url fragment leads to cache poisoning
2021-06-29 11:45:19
debiancve
debiancve
CVE-2021-35474
2021-06-30 08:15:06
CVE-2021-32567
2021-06-30 08:15:06
CVE-2021-27577
2021-06-29 12:15:08
cnvd
cnvd
Apache Traffic Server Environment Issue Vulnerability (CNVD-2021-70101)
2021-06-30 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON
Related for DEBIAN:DSA-4957-1:8BA01
openvas2osv6nessus1ubuntucve5prion5nvd5cve5cvelist5debiancve5cnvd1