CVE-2021-41585: ATS stops accepting connections on FreeBSD
First published: Wed Nov 03 2021(Updated: )
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Traffic Server | >=8.0.0<=8.1.2 | |
| Apache Traffic Server | >=9.0.0<=9.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-41585?
CVE-2021-41585 is an Improper Input Validation vulnerability in Apache Traffic Server that allows an attacker to make the server stop accepting new connections.
Which versions of Apache Traffic Server are affected by CVE-2021-41585?
CVE-2021-41585 affects Apache Traffic Server versions 5.0.0 to 9.1.0.
How severe is CVE-2021-41585?
CVE-2021-41585 has a severity rating of 7.5 (High).
How can I fix CVE-2021-41585?
To fix CVE-2021-41585, users should upgrade to a version of Apache Traffic Server that is not affected by the vulnerability.
Where can I find more information about CVE-2021-41585?
More information about CVE-2021-41585 can be found at https://lists.apache.org/thread/k01797hyncx53659wr3o72s5cvkc3164.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/apache
- canonical/apache traffic server
- version/apache traffic server/8.0.0
- version/apache traffic server/8.1.2
- version/apache traffic server/9.0.0
- version/apache traffic server/9.1.0