Bug#990303: trafficserver: Apache Traffic Server is vulnerable to various HTTP/1.x and HTTP/2 attacks

2021-06-25 Thread Moritz Muehlenhoff
On Fri, Jun 25, 2021 at 08:59:25AM +0200, Lorenzo Maurizi wrote: > Package: trafficserver > Version: 8.0.2+ds-1+deb10u4 > Severity: grave > Tags: security > Justification: user security hole > > CVE: > CVE-2021-27577 Incorrect handling of url fragment leads to cache poisoning > CVE-2021-32565

Bug#990303: trafficserver: Apache Traffic Server is vulnerable to various HTTP/1.x and HTTP/2 attacks

2021-06-25 Thread Lorenzo Maurizi
Package: trafficserver Version: 8.0.2+ds-1+deb10u4 Severity: grave Tags: security Justification: user security hole -- System Information: Debian Release: 10.10 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux