CVE-2021-44040

HIGH

Apache Traffic Server 8.0.0-8.1.3 and 9.0.0-9.1.1 - Improper Input Validation in Request Line Parsing

Title source: llm

Description

Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.

References (2)

Core 2

Core References

Mailing List, Vendor Advisory x_refsource_misc

https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2022/dsa-5153

Scores

CVSS v3 7.5

EPSS 0.0325

EPSS Percentile 87.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-20

Status published

Products (3)

apache/traffic_server 8.0.0 - 8.1.3

debian/debian_linux 10.0

debian/debian_linux 11.0

Published Mar 23, 2022

Tracked Since Feb 18, 2026