Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.
Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.
Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Mon, 09 Sep 2024 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 |
Tue, 03 Sep 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 | |
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Tue, 13 Aug 2024 09:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 |
Mon, 12 Aug 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Apache
Apache traffic Server |
|
Weaknesses | CWE-444 | |
CPEs | cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Apache
Apache traffic Server |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-07-26T09:10:56.281Z
Updated: 2024-08-13T08:48:33.287Z
Reserved: 2024-05-09T20:04:47.056Z
Link: CVE-2024-35161
Vulnrichment
Updated: 2024-08-02T03:07:46.737Z
NVD
Status : Modified
Published: 2024-07-26T10:15:02.567
Modified: 2024-11-21T09:19:50.580
Link: CVE-2024-35161
Redhat