Vulnerability Details CVE-2021-32566
Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.051
EPSS Ranking 89.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E
- https://www.debian.org/security/2021/dsa-4957
- https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E
- https://www.debian.org/security/2021/dsa-4957
Products affected by CVE-2021-32566
-
cpe:2.3:a:apache:traffic_server:7.0.0
-
cpe:2.3:a:apache:traffic_server:7.1.0
-
cpe:2.3:a:apache:traffic_server:7.1.1
-
cpe:2.3:a:apache:traffic_server:7.1.10
-
cpe:2.3:a:apache:traffic_server:7.1.11
-
cpe:2.3:a:apache:traffic_server:7.1.12
-
cpe:2.3:a:apache:traffic_server:7.1.2
-
cpe:2.3:a:apache:traffic_server:7.1.3
-
cpe:2.3:a:apache:traffic_server:7.1.4
-
cpe:2.3:a:apache:traffic_server:7.1.5
-
cpe:2.3:a:apache:traffic_server:7.1.6
-
cpe:2.3:a:apache:traffic_server:7.1.7
-
cpe:2.3:a:apache:traffic_server:7.1.8
-
cpe:2.3:a:apache:traffic_server:7.1.9
-
cpe:2.3:a:apache:traffic_server:8.0.0
-
cpe:2.3:a:apache:traffic_server:8.0.1
-
cpe:2.3:a:apache:traffic_server:8.0.2
-
cpe:2.3:a:apache:traffic_server:8.0.3
-
cpe:2.3:a:apache:traffic_server:8.0.4
-
cpe:2.3:a:apache:traffic_server:8.0.5
-
cpe:2.3:a:apache:traffic_server:8.0.6
-
cpe:2.3:a:apache:traffic_server:8.0.7
-
cpe:2.3:a:apache:traffic_server:8.0.8
-
cpe:2.3:a:apache:traffic_server:8.1.0
-
cpe:2.3:a:apache:traffic_server:8.1.1
-
cpe:2.3:a:apache:traffic_server:9.0.0
-
cpe:2.3:a:apache:traffic_server:9.0.1
-
cpe:2.3:o:debian:debian_linux:10.0