Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-35161

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Published

2024-07-26T10:15:02.567

Last Modified

2024-11-21T09:19:50.580

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-444
Type: Secondary
CWE-444

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	traffic_server	< 8.1.11	Yes
Application	apache	traffic_server	< 9.2.5	Yes

References

https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 Mailing List, Vendor Advisory ([email protected])
https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)