SB2021080346 - Inconsistent interpretation of HTTP requests in Traefik



SB2021080346 - Inconsistent interpretation of HTTP requests in Traefik

Published: August 3, 2021 Updated: May 5, 2026

Security Bulletin ID SB2021080346
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2021-32813)

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to remove security-relevant request headers.

The vulnerability exists due to improper handling of hop-by-hop headers in Connection header processing when handling crafted HTTP requests through a chain of middlewares. A remote attacker can send a specially crafted request with a malicious Connection header to remove security-relevant request headers.

This can occur when one middleware sets a request header that is later stripped before the request is forwarded to the backend.


Remediation

Install update from vendor's website.