Description:
ATS is vulnerable to various HTTP/1.x and HTTP/2 attacks
CVE:
CVE-2021-27577 Incorrect handling of url fragment leads to cache poisoning
CVE-2021-32565 HTTP Request Smuggling, content length with invalid charters
CVE-2021-32566 Specific sequence of HTTP/2 frames can cause ATS to crash
CVE-2021-32567 Reading HTTP/2 frames too many times
CVE-2021-35474 Dynamic stack buffer overflow in cachekey plugin
Reported By:
Katsutoshi Ikenoya (CVE-2021-32566)
Mattias Grenfeldt (CVE-2021-32565)
Iustin Ladunca (CVE-2021-27577)
Masaori Koshiba (CVE-2021-32567, CVE-2021-35474)
Vendor:
The Apache Software Foundation
Version Affected:
ATS 7.0.0 to 7.1.12
ATS 8.0.0 to 8.1.1
ATS 9.0.0 to 9.0.1
Mitigation:
7.x users should upgrade to 8.1.2 or 9.0.2, or later versions
8.x users should upgrade to 8.1.2 or later versions
9.x users should upgrade to 9.0.2 or later versions
References:
Downloads:
https://trafficserver.apache.org/downloads
(Please use backup sites from the link only if the mirrors are
unavailable)
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35474
-Bryan
