CVE-2021-37147

HIGH

Apache Traffic Server < 8.1.2 - HTTP Request Smuggling

Title source: rule

Description

Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0.

References (2)

[Mailing List, Patch, Vendor Advisory] https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5153

Scores

CVSS v3 7.5

EPSS 0.0066

EPSS Percentile 71.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-444 CWE-20

Status published

Products (3)

apache/traffic_server 8.0.0 - 8.1.2

debian/debian_linux 10.0

debian/debian_linux 11.0

Published Nov 03, 2021

Tracked Since Feb 18, 2026