{"containers":{"cna":{"affected":[{"product":"Apache Traffic Server","vendor":"Apache Software Foundation","versions":[{"status":"affected","version":"Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1"}]}],"descriptions":[{"lang":"en","value":"Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-444","description":"CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-08-14T14:06:13.000Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"tags":["x_refsource_MISC"],"url":"https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"},{"name":"DSA-4957","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2021/dsa-4957"}],"source":{"discovery":"UNKNOWN"},"title":"Incorrect handling of url fragment leads to cache poisoning","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","ID":"CVE-2021-27577","STATE":"PUBLIC","TITLE":"Incorrect handling of url fragment leads to cache poisoning"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Traffic Server","version":{"version_data":[{"version_name":"Apache Traffic Server","version_value":"7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Incorrect handling of url fragment vulnerability of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":[{}],"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}]},"references":{"reference_data":[{"name":"https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E","refsource":"MISC","url":"https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"},{"name":"DSA-4957","refsource":"DEBIAN","url":"https://www.debian.org/security/2021/dsa-4957"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T21:26:09.764Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cusers.trafficserver.apache.org%3E"},{"name":"DSA-4957","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2021/dsa-4957"}]}]},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2021-27577","datePublished":"2021-06-29T11:45:19.000Z","dateReserved":"2021-02-23T00:00:00.000Z","dateUpdated":"2024-08-03T21:26:09.764Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}