7 matches found
CVE-2021-32565
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...
Debian DSA-4957-1 : trafficserver - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4957 advisory. - Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0...
Apache Traffic Server (ATS) 7.0.0 < 8.1.2, 9.0.0 < 9.0.2 Multiple Vulnerabilities
Apache Traffic Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:trafficserver"...
CVE-2021-32565
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...
CVE-2021-32565
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...
CVE-2021-32565 HTTP Request Smuggling, content length with invalid charters
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1...
CVE-2021-32565
Apache Traffic Server is affected by CVE-2021-32565 due to invalid values in the Content-Length header, enabling HTTP request smuggling. Affected releases: 7.0.0–7.1.12, 8.0.0–8.1.1, and 9.0.0–9.0.1. The issue’s root cause is improper handling of Content-Length values. Debian/DSA-4957-1 notes a f...