Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man     in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8. (CVE-2021-38161)

Note that Nessus relies on the presence of the package as reported by the vendor.

Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks.

Note that Nessus did not actually test for these issues, but instead has relied on the version found in the server's banner.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5153 advisory.

    Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server,     which could result in HTTP request smuggling or MITM attacks. For the oldstable distribution (buster),     these problems have been fixed in version 8.0.2+ds-1+deb10u6. For the stable distribution (bullseye),     these problems have been fixed in version 8.1.1+ds-1.1+deb11u1. We recommend that you upgrade your     trafficserver packages. For the detailed security status of trafficserver please refer to its security     tracker page at: https://security-tracker.debian.org/tracker/trafficserver

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
259502	Linux Distros Unpatched Vulnerability : CVE-2021-38161	Nessus	Misc.	high
184805	Apache Traffic Server 8.x < 8.1.3 Improper Authentication	Nessus	Web Servers	high
161703	Debian DSA-5153-1 : trafficserver - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2021-38161

high

Tenable Plugins

high

high

high