CVE-2021-37150

CVE-2021-37150: Protocol vs scheme mismatch

Vendor Apache Software Foundation

Product Apache Traffic Server

Weakness CWE-20 · Input validation

Published August 10, 2022

Last update September 8, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.

Key dates

02Disclosure timeline

August 10, 2022 CVE published

September 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-37150 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2023-43037 IBM Maximo Application Suite improper access control CVE-2023-29335 Microsoft Word Security Feature Bypass Vulnerability CVE-2024-55655 sigstore-python has insufficient validation of integration timestamp during verification CVE-2026-32735 Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin` CVE-2022-33945