PT-2021-4096 · Apache · Apache Traffic Server

Brian Olsen

Published

2021-05-01

Updated

2021-05-25

CVE-2021-27737

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Traffic Server version 9.0.0

Description The issue is related to a remote DOS attack on the experimental Slicer plugin. It involves incorrect resource release, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For Apache Traffic Server version 9.0.0, consider disabling the experimental Slicer plugin as a temporary workaround to minimize the risk of exploitation.

Fix

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2021-04678

CVE-2021-27737

Affected Products

Apache Traffic Server

PT-2021-4096 · Apache · Apache Traffic Server

CVE-2021-27737

Weakness Enumeration

Related Identifiers

Affected Products

References · 14