Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-35161

Опубликовано: 26 июл. 2024
Источник: nvd
CVSS3: 7.5
CVSS3: 9.1
EPSS Низкий

Описание

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.1.11 (исключая)
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
Версия от 9.0.0 (включая) до 9.2.5 (исключая)

EPSS

Процентиль: 43%
0.00209
Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-444
CWE-444

Связанные уязвимости

ubuntu логотип

CVE-2024-35161

CVSS3: 7.5
ubuntu
больше 1 года назад

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

redhat логотип

CVE-2024-35161

CVSS3: 7.5
redhat
больше 1 года назад

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

debian логотип

CVE-2024-35161

CVSS3: 7.5
debian
больше 1 года назад

Apache Traffic Server forwards malformed HTTP chunked trailer section ...

github логотип

GHSA-j49j-p46f-pfcv

CVSS3: 9.1
github
больше 1 года назад

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

fstec логотип

BDU:2024-05796

CVSS3: 9
fstec
больше 1 года назад

Уязвимость веб-сервера Apache Traffic Server, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить атаку «контрабанда HTTP-запросов»

EPSS

Процентиль: 43%
0.00209
Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-444
CWE-444