var-202106-1082
Vulnerability from variot

Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


Debian Security Advisory DSA-4957-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 13, 2021 https://www.debian.org/security/faq


Package : trafficserver CVE ID : CVE-2021-27577 CVE-2021-32566 CVE-2021-32567 CVE-2021-35474 CVE-2021-32565

Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling or cache poisoning.

For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u5.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmEW2boACgkQEMKTtsN8 TjbGiA//ZQ1onYoleaQXDZ5myg7Opn8zceGdW9Dz907hCM9/cTyJQUxPnYRK24uP xtg9iW10YNwl3XaqSDGChBrAtnxFkzXid5QIxqlEzWfGhWTIfgYtumUB99X4Hp2n noprV5wHa5OAZsgQvRA6UXHZrGxpdbShvo9NQSuD4WN0Vukbj862v1h1jURlblDA GD+LbNeIcz44Z4udQNIpbuth9RJs6ezobgwnQngH7AA+4DvgW4qVlz+vrEo4P2tW jEKzdaXrKKC1Cdf6qiEzJ7+2uWGTLA9TOuadGSNzDnscjKDtqxG8WLxtGToDYurK xK+Cfo1cj4+OqaIaCfbfi6bxD1nbliEAYr0CsfL0wxtHpwqLbCMlr0KF/2+Ya5Rc LjOQrhgvUmjv2SCHVQZ4q01u27ulrFFHg6gqrdb7k3SddV2xka/OMdINTEKa1H/X JyhQJ40DcYqMfPfCIbX86NZAsAQDYwp6x/DTiIEHa/H0qCN9FAq0k4aAvcRuqvEF Ymb/E+kEN2TfoANpvyMTlFD0awUW+lo9IvmNumBq8jSGipM9nwx0/wZTdgKSVpni BJ0kCn3RHPd4DYLejocbnjc4clI6ctW/K3E89nb5wVHbXQHBK7sgfJYmw2aYKF6J 9h7/vdjNuEEBHSpHXO54W4CFH39UZ7DnI4uF0Ju61I+i+g7rQAE= =4fML -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1082",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.0.0"
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "9.0.0"
      },
      {
        "model": "traffic server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "8.1.1"
      },
      {
        "model": "traffic server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "9.0.1"
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.0.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "model": "traffic server",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "7.1.12"
      },
      {
        "model": "traffic server",
        "scope": null,
        "trust": 0.8,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "apache",
        "version": "7.0.0\u003c=7.1.12"
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "apache",
        "version": "8.0.0,\u003c=8.1.1"
      },
      {
        "model": "traffic server",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "apache",
        "version": "9.0.0,\u003c=9.0.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32565"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1.12",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.1.1",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0.1",
                "versionStartIncluding": "9.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32565"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Debian",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "169107"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2021-32565",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-32565",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-49082",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-32565",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-32565",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-49082",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202106-1942",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-32565",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1942"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4957-1                   security@debian.org\nhttps://www.debian.org/security/                       Moritz Muehlenhoff\nAugust 13, 2021                       https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : trafficserver\nCVE ID         : CVE-2021-27577 CVE-2021-32566 CVE-2021-32567\n                 CVE-2021-35474 CVE-2021-32565\n\nSeveral vulnerabilities were discovered in Apache Traffic Server, a\nreverse and forward proxy server, which could result in denial of\nservice, HTTP request smuggling or cache poisoning. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 8.0.2+ds-1+deb10u5. \n\nWe recommend that you upgrade your trafficserver packages. \n\nFor the detailed security status of trafficserver please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/trafficserver\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmEW2boACgkQEMKTtsN8\nTjbGiA//ZQ1onYoleaQXDZ5myg7Opn8zceGdW9Dz907hCM9/cTyJQUxPnYRK24uP\nxtg9iW10YNwl3XaqSDGChBrAtnxFkzXid5QIxqlEzWfGhWTIfgYtumUB99X4Hp2n\nnoprV5wHa5OAZsgQvRA6UXHZrGxpdbShvo9NQSuD4WN0Vukbj862v1h1jURlblDA\nGD+LbNeIcz44Z4udQNIpbuth9RJs6ezobgwnQngH7AA+4DvgW4qVlz+vrEo4P2tW\njEKzdaXrKKC1Cdf6qiEzJ7+2uWGTLA9TOuadGSNzDnscjKDtqxG8WLxtGToDYurK\nxK+Cfo1cj4+OqaIaCfbfi6bxD1nbliEAYr0CsfL0wxtHpwqLbCMlr0KF/2+Ya5Rc\nLjOQrhgvUmjv2SCHVQZ4q01u27ulrFFHg6gqrdb7k3SddV2xka/OMdINTEKa1H/X\nJyhQJ40DcYqMfPfCIbX86NZAsAQDYwp6x/DTiIEHa/H0qCN9FAq0k4aAvcRuqvEF\nYmb/E+kEN2TfoANpvyMTlFD0awUW+lo9IvmNumBq8jSGipM9nwx0/wZTdgKSVpni\nBJ0kCn3RHPd4DYLejocbnjc4clI6ctW/K3E89nb5wVHbXQHBK7sgfJYmw2aYKF6J\n9h7/vdjNuEEBHSpHXO54W4CFH39UZ7DnI4uF0Ju61I+i+g7rQAE=\n=4fML\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-32565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32565"
      },
      {
        "db": "PACKETSTORM",
        "id": "169107"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-32565",
        "trust": 4.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021081714",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021063020",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2759",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1942",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32565",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169107",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "db": "PACKETSTORM",
        "id": "169107"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1942"
      }
    ]
  },
  "id": "VAR-202106-1082",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      }
    ]
  },
  "last_update_date": "2023-12-18T10:45:38.891000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "[ANNOUNCE]\u00a0Apache\u00a0Traffic\u00a0Server\u00a0is\u00a0vulnerable\u00a0to\u00a0various\u00a0HTTP/1.x\u00a0and\u00a0HTTP/2\u00a0attacks DebianDebian\u00a0Security\u00a0Advisory",
        "trust": 0.8,
        "url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3cusers.trafficserver.apache.org%3e"
      },
      {
        "title": "Patch for Apache Traffic Server Environmental Issues Vulnerability (CNVD-2021-49082)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/278056"
      },
      {
        "title": "Apache Traffic Server Remediation measures for environmental problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156246"
      },
      {
        "title": "Debian CVElist Bug Report Logs: trafficserver: Apache Traffic Server is vulnerable to various HTTP/1.x and HTTP/2 attacks",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b751099c4cea0bef933c0d8b21d6a659"
      },
      {
        "title": "Debian Security Advisories: DSA-4957-1 trafficserver -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=36855d9446fa2f34a6ebeffd24b3973b"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1942"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-444",
        "trust": 1.0
      },
      {
        "problemtype": "HTTP Request Smuggling (CWE-444) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32565"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3cusers.trafficserver.apache.org%3e"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2021/dsa-4957"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32565"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021081714"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apache-traffic-server-five-vulnerabilities-36136"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021063020"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2759"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/444.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990303"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32566"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32567"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27577"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/trafficserver"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-35474"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "db": "PACKETSTORM",
        "id": "169107"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1942"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-32565"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "db": "PACKETSTORM",
        "id": "169107"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-32565"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1942"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      },
      {
        "date": "2021-06-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32565"
      },
      {
        "date": "2022-03-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "date": "2021-08-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "169107"
      },
      {
        "date": "2021-06-29T12:15:08.573000",
        "db": "NVD",
        "id": "CVE-2021-32565"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-06-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1942"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-49082"
      },
      {
        "date": "2021-08-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-32565"
      },
      {
        "date": "2022-03-31T06:35:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      },
      {
        "date": "2021-09-20T18:52:38.810000",
        "db": "NVD",
        "id": "CVE-2021-32565"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202106-1942"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202106-1942"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache\u00a0Traffic\u00a0Server\u00a0 In \u00a0HTTP\u00a0 Request Smuggling Vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-008907"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.