Description

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Remediation

References

CVE-2021-32565

Related Vulnerabilities

Java Code Execution Vulnerability (CVE-2018-3211)

Squid Improper Input Validation Vulnerability (CVE-2014-3609)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-1460)

WordPress Plugin Tags Cloud Manager Cross-Site Scripting (1.0.0)

Mailman Other Vulnerability (CVE-2004-1143)

Severity

High

Classification

CVE-2021-32565 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities