Description
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Scores
CVSS v3
7.5
EPSS
0.0120
EPSS Percentile
79.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-444
Status
published
Products (2)
apache/traffic_server
7.0.0 - 7.1.12
debian/debian_linux
8.0
Published
Jun 29, 2021
Tracked Since
Feb 18, 2026