CVE-2021-27737 - Vulnerability Details - OpenCVE

Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Traffic Server

Configuration 1 [-]

cpe:2.3:a:apache:traffic_server:9.0.0:-:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cdev.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cusers.trafficserver.apache.org%3E

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-05-14T20:39:39

Updated: 2024-08-03T21:26:10.829Z

Reserved: 2021-02-26T00:00:00

Link: CVE-2021-27737

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-14T21:15:07.450

Modified: 2024-11-21T05:58:29.250

Link: CVE-2021-27737

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache Traffic Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache Traffic Server 9.0.0"}]}], "descriptions": [{"lang": "en", "value": "Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-14T20:40:06", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[trafficserver-announce] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"}, {"name": "[trafficserver-dev] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cdev.trafficserver.apache.org%3E"}, {"name": "[trafficserver-users] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cusers.trafficserver.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-27737", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Traffic Server", "version": {"version_data": [{"version_value": "Apache Traffic Server 9.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "[trafficserver-announce] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525@%3Cannounce.trafficserver.apache.org%3E"}, {"name": "[trafficserver-dev] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525@%3Cdev.trafficserver.apache.org%3E"}, {"name": "[trafficserver-users] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525@%3Cusers.trafficserver.apache.org%3E"}, {"name": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:26:10.829Z"}, "title": "CVE Program Container", "references": [{"name": "[trafficserver-announce] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"}, {"name": "[trafficserver-dev] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cdev.trafficserver.apache.org%3E"}, {"name": "[trafficserver-users] 20210513 Apache Traffic Server is vulnerable to a DOS attack in the experimental Slicer plugin", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cusers.trafficserver.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-27737", "datePublished": "2021-05-14T20:39:39", "dateReserved": "2021-02-26T00:00:00", "dateUpdated": "2024-08-03T21:26:10.829Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:traffic_server:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "E46477AF-F18E-4265-A63E-69D15CEE9891", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin."}, {"lang": "es", "value": "Apache Traffic Server versi\u00f3n 9.0.0, es vulnerable a un ataque de tipo DOS remoto en el plugin Slicer experimental"}], "id": "CVE-2021-27737", "lastModified": "2024-11-21T05:58:29.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-14T21:15:07.450", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cdev.trafficserver.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cusers.trafficserver.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cannounce.trafficserver.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cdev.trafficserver.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r74f72650c3590478f028ea3a1b8cab2a33d20ad9ff407e894ca70525%40%3Cusers.trafficserver.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}