Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Debian: DSA-5153-1 Critical: Trafficserver HTTP Smuggling Attacks

debian
Calendar Grey May 30, 2022
Debian Logo
Apache Traffic Server exhibits security flaws that may lead to HTTP request smuggling and man-in-the-middle attacks. Be sure to update your packages immediately.
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling or MITM attacks
Topics%20covered

Topics Covered

security advisory update critical debian http smuggling man in the middle trafficserver

Summary

Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in HTTP request
smuggling or MITM attacks.

For the oldstable distribution (buster), these problems have been fixed
in version 8.0.2+ds-1+deb10u6.

For the stable distribution (bullseye), these problems have been fixed in
version 8.1.1+ds-1.1+deb11u1.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/trafficserver

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: trafficserver
CVE ID: CVE-2021-37147 CVE-2021-37148 CVE-2021-37149 CVE-2021-38161

Topics%20covered

Topics Covered

security advisory update critical debian http smuggling man in the middle trafficserver

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here