GHSA-p9hw-v7q7-gmh5

Опубликовано: 03 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

Apache Traffic Server allows request smuggling if chunked messages are malformed.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4.

Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.

Apache Traffic Server allows request smuggling if chunked messages are malformed.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4.

Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.

Ссылки

EPSS

Процентиль: 86%

0.02853

Низкий

7.5 High

CVSS3

CVE ID

CVE-2024-53868

Дефекты

CWE-444

Связанные уязвимости

CVE-2024-53868

CVSS3: 7.5

ubuntu

10 месяцев назад

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.

CVE-2024-53868

CVSS3: 7.5

nvd

10 месяцев назад

CVE-2024-53868

CVSS3: 7.5

debian

10 месяцев назад

Apache Traffic Server allows request smuggling if chunked messages are ...

BDU:2025-03879

CVSS3: 6.5

fstec

10 месяцев назад

Уязвимость веб-сервера Apache Traffic Server, связанная с недостатками обработки заголовков HTTP-запросов, позволяющая нарушителю отправить скрытый HTTP-запрос (атака типа HTTP Request Smuggling)

EPSS

Процентиль: 86%

0.02853

Низкий

7.5 High

CVSS3

CVE ID

CVE-2024-53868

Дефекты

CWE-444