← volver
CVE-2021-27577

Incorrect handling of url fragment leads to cache poisoning

EPSS 3.5%CWE-444
Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.
Productos afectados
Apache Software Foundation · Apache Traffic Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3Ehttps://www.debian.org/security/2021/dsa-4957