Candidate: CVE-2021-37148
PublicDate: 2021-11-03 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37148
 https://www.openwall.com/lists/oss-security/2021/11/02/11
 https://github.com/apache/trafficserver/pull/8457/
 https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master)
 https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x)
Description:
 Improper input validation vulnerability in header parsing of Apache Traffic
 Server allows an attacker to smuggle requests. This issue affects Apache
 Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_trafficserver:
upstream_trafficserver: needs-triage
trusty_trafficserver: ignored (out of standard support)
xenial_trafficserver: ignored (out of standard support)
bionic_trafficserver: needs-triage
focal_trafficserver: needs-triage
hirsute_trafficserver: ignored (reached end-of-life)
impish_trafficserver: needs-triage
jammy_trafficserver: needs-triage
devel_trafficserver: needs-triage