vulnerability

Debian: CVE-2021-27577: trafficserver -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jun 29, 2021

Added

Aug 16, 2021

Modified

Mar 30, 2026

Description

Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Solution

debian-upgrade-trafficserver

References

CVE-2021-27577
https://attackerkb.com/topics/CVE-2021-27577
CWE-444
DEBIAN-DSA-4957
DEBIAN-DSA-4957-1
EUVD-EUVD-2021-14326
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-14326

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report