← back
CVE-2021-32565

HTTP Request Smuggling, content length with invalid charters

EPSS 2.1%CWE-444
Invalid values in the Content-Length header sent to Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Affected products
Apache Software Foundation · Apache Traffic Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3Ehttps://www.debian.org/security/2021/dsa-4957