CVE-2024-35161
Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.
Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.
Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
*Credits:
Keran Mu
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-09 CVE Reserved
- 2024-07-26 CVE Published
- 2024-08-13 CVE Updated
- 2024-08-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0 | 2024-07-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Traffic Server Search vendor "Apache Software Foundation" for product "Apache Traffic Server" | >= 8.0.0 <= 8.1.10 Search vendor "Apache Software Foundation" for product "Apache Traffic Server" and version " >= 8.0.0 <= 8.1.10" | en |
Affected
| ||||||
| Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Traffic Server Search vendor "Apache Software Foundation" for product "Apache Traffic Server" | >= 9.0.0 <= 9.2.4 Search vendor "Apache Software Foundation" for product "Apache Traffic Server" and version " >= 9.0.0 <= 9.2.4" | en |
Affected
| ||||||