CVE-2021-37150
Protocol vs scheme mismatch
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected products
Apache Software Foundation · Apache Traffic ServerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21https://lists.debian.org/debian-lts-announce/2023/01/msg00019.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CJ67IWD5PRJUOIYIDJRUG3UMS2UF4X4J/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZCSBQBYPOZSWS5LCOAQ6LJLRLXFIAW5A/https://www.debian.org/security/2022/dsa-5206