CVE-2024-35161 Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling

2024-07-2609:10:56

CWE-444

apache

github.com

cve-2024-35161

apache traffic server

incomplete check

chunked trailer

request smuggling

cache poisoning

origin servers

upgrade

version 8.1.11

version 9.2.5

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

55.7%

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.
Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apache",
    "product": "traffic_server",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver",
        "lessThanOrEqual": "8.1.10"
      },
      {
        "status": "affected",
        "version": "9.0.0",
        "versionType": "semver",
        "lessThanOrEqual": "9.2.4"
      }
    ],
    "defaultStatus": "unknown"
  }
]