CVE-2023-38522
Apache Traffic Server: Incomplete field name check allows request smuggling
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.
Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
*Credits:
Ben Kallus
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-07-18 CVE Reserved
- 2024-07-26 CVE Published
- 2024-08-13 CVE Updated
- 2024-08-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 | 2024-07-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Traffic Server Search vendor "Apache Software Foundation" for product "Apache Traffic Server" | >= 8.0.0 <= 8.1.10 Search vendor "Apache Software Foundation" for product "Apache Traffic Server" and version " >= 8.0.0 <= 8.1.10" | en |
Affected
| ||||||
| Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Traffic Server Search vendor "Apache Software Foundation" for product "Apache Traffic Server" | >= 9.0.0 <= 9.2.4 Search vendor "Apache Software Foundation" for product "Apache Traffic Server" and version " >= 9.0.0 <= 9.2.4" | en |
Affected
| ||||||