CVE-2021-38161 Vulnerability Details

  /     /     /  

CVE-2021-38161 Metadata Quick Info

CVE Published: 03/11/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: apache | Vendor: Apache Software Foundation | Product: Apache Traffic Server
Status : PUBLISHED

CVE-2021-38161 Description

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-287
CWE Name: CWE-287 Improper Authentication
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: