Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-68qf-xhq3-9qj5

Опубликовано: 26 июл. 2024
Источник: github
Github: Не прошло ревью
CVSS3: 7.5

Описание

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Ссылки

EPSS

Процентиль: 52%
0.00294
Низкий

7.5 High

CVSS3

CVE ID

CVE-2023-38522

Дефекты

CWE-20
CWE-444
CWE-86

Связанные уязвимости

ubuntu логотип

CVE-2023-38522

CVSS3: 7.5
ubuntu
больше 1 года назад

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

redhat логотип

CVE-2023-38522

CVSS3: 7.5
redhat
больше 1 года назад

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

nvd логотип

CVE-2023-38522

CVSS3: 7.5
nvd
больше 1 года назад

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

debian логотип

CVE-2023-38522

CVSS3: 7.5
debian
больше 1 года назад

Apache Traffic Server accepts characters that are not allowed for HTTP ...

fstec логотип

BDU:2024-05797

CVSS3: 9
fstec
больше 1 года назад

Уязвимость веб-сервера Apache Traffic Server, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить атаку «контрабанда HTTP-запросов»

EPSS

Процентиль: 52%
0.00294
Низкий

7.5 High

CVSS3

CVE ID

CVE-2023-38522

Дефекты

CWE-20
CWE-444
CWE-86