Test ID:	1.3.6.1.4.1.25623.1.0.146192
Category:	Web Servers
Title:	Apache Traffic Server (ATS) 7.0.0 < 8.1.2, 9.0.0 < 9.0.2 Multiple Vulnerabilities
Summary:	Apache Traffic Server is prone to multiple vulnerabilities.
Description:	Summary: Apache Traffic Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2021-27577: Incorrect handling of url fragment leads to cache poisoning - CVE-2021-32565: HTTP Request Smuggling, content length with invalid charters - CVE-2021-32566: Specific sequence of HTTP/2 frames can cause ATS to crash - CVE-2021-32567: Reading HTTP/2 frames too many times - CVE-2021-35474: Dynamic stack buffer overflow in cachekey plugin Affected Software/OS: Apache Traffic Server version 7.0.0 through 7.1.12, 8.0.0 through 8.1.1 and 9.0.0 through 9.0.1. Solution: Update to version 8.1.2, 9.0.2 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-27577 Debian Security Information: DSA-4957 (Google Search) https://www.debian.org/security/2021/dsa-4957 https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2021-32565 Common Vulnerability Exposure (CVE) ID: CVE-2021-32566 Common Vulnerability Exposure (CVE) ID: CVE-2021-32567 Common Vulnerability Exposure (CVE) ID: CVE-2021-35474
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.