Description

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Remediation

References

CVE-2021-27577

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17383)

WordPress Plugin Download Monitor 'dlsearch' Parameter Cross-Site Scripting (3.3.5.8)

WordPress Plugin Count per Day SQL Injection (3.4)

WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.2)

OpenVPN AS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9104)

Severity

High

Classification

CVE-2021-27577 CWE-444 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities