{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35161", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-05-09T20:04:47.056Z", "datePublished": "2024-07-26T09:10:56.281Z", "dateUpdated": "2024-08-13T08:48:33.287Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Traffic Server", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "8.1.10", "status": "affected", "version": "8.0.0", "versionType": "semver"}, {"lessThanOrEqual": "9.2.4", "status": "affected", "version": "9.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Keran Mu"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.</p><p>This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.</p>Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.<br><p>Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.</p>"}], "value": "Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-08-13T08:48:33.287Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "apache", "product": "traffic_server", "cpes": ["cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.0.0", "status": "affected", "lessThanOrEqual": "8.1.10", "versionType": "semver"}, {"version": "9.0.0", "status": "affected", "lessThanOrEqual": "9.2.4", "versionType": "semver"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-31T17:38:35.230307Z", "id": "CVE-2024-35161", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T17:47:08.763Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:46.737Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:46.737Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-35161", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-31T17:38:35.230307Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"], "vendor": "apache", "product": "traffic_server", "versions": [{"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.1.10"}, {"status": "affected", "version": "9.0.0", "versionType": "semver", "lessThanOrEqual": "9.2.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-31T17:46:48.110Z"}}], "cna": {"title": "Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Keran Mu"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Traffic Server", "versions": [{"status": "affected", "version": "8.0.0", "versionType": "semver", "lessThanOrEqual": "8.1.10"}, {"status": "affected", "version": "9.0.0", "versionType": "semver", "lessThanOrEqual": "9.2.4"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.</p><p>This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.</p>Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.<br><p>Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-08-13T08:48:33.287Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35161", "state": "PUBLISHED", "dateUpdated": "2024-08-13T08:48:33.287Z", "dateReserved": "2024-05-09T20:04:47.056Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-07-26T09:10:56.281Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4F8362B-1EAE-453D-B231-744F00ED33BF", "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DEB7909-4350-4D44-BAA2-72BEF6E132C1", "versionEndExcluding": "9.2.5", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue."}, {"lang": "es", "value": "Apache Traffic Server reenv\u00eda la secci\u00f3n fragmentada HTTP mal formada a los servidores de origen. Esto se puede utilizar para el contrabando de solicitudes y tambi\u00e9n puede provocar un envenenamiento de la cach\u00e9 si los servidores de origen son vulnerables. Este problema afecta a Apache Traffic Server: desde la versi\u00f3n 8.0.0 hasta la 8.1.10, desde la versi\u00f3n 9.0.0 hasta la 9.2.4. Los usuarios pueden establecer una nueva configuraci\u00f3n (proxy.config.http.drop_chunked_trailers) para no reenviar la secci\u00f3n fragmentada del tr\u00e1iler. Se recomienda a los usuarios que actualicen a la versi\u00f3n 8.1.11 o 9.2.5, que soluciona el problema."}], "id": "CVE-2024-35161", "lastModified": "2024-11-21T09:19:50.580", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-26T10:15:02.567", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"bugzilla": {"description": "trafficserver.apache.org: trafficserver: apache: Incomplete check for chunked trailer section allows", "id": "2300035", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300035"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "cwe": "CWE-444", "details": ["Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue."], "name": "CVE-2024-35161", "public_date": "2024-07-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35161\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35161\nhttps://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"], "threat_severity": "Moderate"}