CVE-2021-37150

NameCVE-2021-37150
DescriptionImproper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5206-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
trafficserver (PTS)buster, buster (security)8.0.2+ds-1+deb10u6vulnerable
bullseye (security), bullseye8.1.5+ds-1~deb11u1fixed
bookworm, sid9.1.3+ds-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
trafficserversourcebullseye8.1.5+ds-1~deb11u1DSA-5206-1
trafficserversource(unstable)9.1.3+ds-1

Notes

https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21

Search for package or bug name: Reporting problems