PT-2021-5652 · Apache · Apache Traffic Server

Asbjorn Bjornstad

Published

2021-11-03

Updated

2021-11-19

CVE-2021-41585

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Traffic Server versions 5.0.0 through 9.1.0

Description The issue is related to improper input validation in accepting socket connections, allowing an attacker to make the server stop accepting new connections. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For Apache Traffic Server versions 5.0.0 through 9.1.0, update to a version that includes the fix for this issue to prevent the server from stopping to accept new connections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2022-00090

CVE-2021-41585

OESA-2021-1437

Affected Products

Apache Traffic Server

PT-2021-5652 · Apache · Apache Traffic Server

CVE-2021-41585

Weakness Enumeration

Related Identifiers

Affected Products

References · 18