cvelistv5 - cve-2024-35161

CVE-2024-35161 (GCVE-0-2024-35161)

Vulnerability from cvelistv5 – Published: 2024-07-26 09:10 – Updated: 2025-11-03 21:54

Summary

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Severity ?

No CVSS data available.

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Assigner

apache

References

URL

Tags

https://lists.apache.org/thread/c4mcmpblgl8kkmyt5…

vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Traffic Server	Affected: 8.0.0 , ≤ 8.1.10 (semver) Affected: 9.0.0 , ≤ 9.2.4 (semver)

Credits

Keran Mu

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "traffic_server",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "8.1.10",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "9.2.4",
                "status": "affected",
                "version": "9.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35161",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T17:38:35.230307Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T17:47:08.763Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:54:57.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Traffic Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "8.1.10",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.4",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Keran Mu"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eApache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\u003c/p\u003eUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T08:48:33.287Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-35161",
    "datePublished": "2024-07-26T09:10:56.281Z",
    "dateReserved": "2024-05-09T20:04:47.056Z",
    "dateUpdated": "2025-11-03T21:54:57.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.1.11\", \"matchCriteriaId\": \"E4F8362B-1EAE-453D-B231-744F00ED33BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.2.5\", \"matchCriteriaId\": \"5DEB7909-4350-4D44-BAA2-72BEF6E132C1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\\n\\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\\n\\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.\"}, {\"lang\": \"es\", \"value\": \"Apache Traffic Server reenv\\u00eda la secci\\u00f3n fragmentada HTTP mal formada a los servidores de origen. Esto se puede utilizar para el contrabando de solicitudes y tambi\\u00e9n puede provocar un envenenamiento de la cach\\u00e9 si los servidores de origen son vulnerables. Este problema afecta a Apache Traffic Server: desde la versi\\u00f3n 8.0.0 hasta la 8.1.10, desde la versi\\u00f3n 9.0.0 hasta la 9.2.4. Los usuarios pueden establecer una nueva configuraci\\u00f3n (proxy.config.http.drop_chunked_trailers) para no reenviar la secci\\u00f3n fragmentada del tr\\u00e1iler. Se recomienda a los usuarios que actualicen a la versi\\u00f3n 8.1.11 o 9.2.5, que soluciona el problema.\"}]",
      "id": "CVE-2024-35161",
      "lastModified": "2024-11-21T09:19:50.580",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}",
      "published": "2024-07-26T10:15:02.567",
      "references": "[{\"url\": \"https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-444\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-444\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-35161\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-07-26T10:15:02.567\",\"lastModified\":\"2025-11-03T22:16:55.883\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\\n\\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\\n\\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Apache Traffic Server reenv\u00eda la secci\u00f3n fragmentada HTTP mal formada a los servidores de origen. Esto se puede utilizar para el contrabando de solicitudes y tambi\u00e9n puede provocar un envenenamiento de la cach\u00e9 si los servidores de origen son vulnerables. Este problema afecta a Apache Traffic Server: desde la versi\u00f3n 8.0.0 hasta la 8.1.10, desde la versi\u00f3n 9.0.0 hasta la 9.2.4. Los usuarios pueden establecer una nueva configuraci\u00f3n (proxy.config.http.drop_chunked_trailers) para no reenviar la secci\u00f3n fragmentada del tr\u00e1iler. Se recomienda a los usuarios que actualicen a la versi\u00f3n 8.1.11 o 9.2.5, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.1.11\",\"matchCriteriaId\":\"E4F8362B-1EAE-453D-B231-744F00ED33BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.5\",\"matchCriteriaId\":\"5DEB7909-4350-4D44-BAA2-72BEF6E132C1\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:54:57.527Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-35161\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-31T17:38:35.230307Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"traffic_server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.1.10\"}, {\"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.2.4\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-31T17:46:48.110Z\"}}], \"cna\": {\"title\": \"Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Keran Mu\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Traffic Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.1.10\"}, {\"status\": \"affected\", \"version\": \"9.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"9.2.4\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\\n\\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\\n\\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eApache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\u003c/p\u003eUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\u003cbr\u003e\u003cp\u003eUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-08-13T08:48:33.287Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-35161\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:54:57.527Z\", \"dateReserved\": \"2024-05-09T20:04:47.056Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-07-26T09:10:56.281Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2024-1713

Vulnerability from csaf_certbund - Published: 2024-07-25 22:00 - Updated: 2024-09-26 22:00

Summary

Apache Traffic Server: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apache Traffic Server ist ein skalier- und erweiterbarer, mit HTTP/1.1 kompatibler "caching proxy server".

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Traffic Server ausnutzen, um einen Denial of Service Angriff durchzuführen oder Sicherheitsmaßnahmen zu umgehen.

Betroffene Betriebssysteme

- Linux - Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache Traffic Server ist ein skalier- und erweiterbarer, mit HTTP/1.1 kompatibler \"caching proxy server\".",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apache Traffic Server ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder Sicherheitsma\u00dfnahmen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1713 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1713.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1713 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1713"
      },
      {
        "category": "external",
        "summary": "Apache Mailing List vom 2024-07-25",
        "url": "https://lists.apache.org/thread/kqv2fjn85ypl8vynhoghydnrf6lsvwbk"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2024-07-25",
        "url": "https://seclists.org/oss-sec/2024/q3/112"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-504D1ABDB5 vom 2024-07-27",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-504d1abdb5"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-2243C5ABEE vom 2024-07-27",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-2243c5abee"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-77FE791124 vom 2024-07-27",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-77fe791124"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-EPEL-2024-D40458DB4B vom 2024-07-27",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d40458db4b"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5758 vom 2024-08-26",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00171.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3897 vom 2024-09-27",
        "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache Traffic Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-09-26T22:00:00.000+00:00",
      "generator": {
        "date": "2024-09-27T08:09:59.059+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-1713",
      "initial_release_date": "2024-07-25T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-07-25T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-07-28T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-08-25T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-09-26T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.1.11",
                "product": {
                  "name": "Apache Traffic Server \u003c8.1.11",
                  "product_id": "T036468"
                }
              },
              {
                "category": "product_version",
                "name": "8.1.11",
                "product": {
                  "name": "Apache Traffic Server 8.1.11",
                  "product_id": "T036468-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:traffic_server:8.1.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.5",
                "product": {
                  "name": "Apache Traffic Server \u003c9.2.5",
                  "product_id": "T036469"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.5",
                "product": {
                  "name": "Apache Traffic Server 9.2.5",
                  "product_id": "T036469-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:apache:traffic_server:9.2.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Traffic Server"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38522",
      "notes": [
        {
          "category": "description",
          "text": "In Apache Traffic Server existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um missgestaltete HTTP-Anfragen zu schmuggeln und einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T036469",
          "T036468",
          "74185"
        ]
      },
      "release_date": "2024-07-25T22:00:00.000+00:00",
      "title": "CVE-2023-38522"
    },
    {
      "cve": "CVE-2024-35161",
      "notes": [
        {
          "category": "description",
          "text": "In Apache Traffic Server existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um missgestaltete HTTP-Anfragen zu schmuggeln und einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T036469",
          "T036468",
          "74185"
        ]
      },
      "release_date": "2024-07-25T22:00:00.000+00:00",
      "title": "CVE-2024-35161"
    },
    {
      "cve": "CVE-2024-35296",
      "notes": [
        {
          "category": "description",
          "text": "In Apache Traffic Server existieren mehrere Schwachstellen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um missgestaltete HTTP-Anfragen zu schmuggeln und einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T036469",
          "T036468",
          "74185"
        ]
      },
      "release_date": "2024-07-25T22:00:00.000+00:00",
      "title": "CVE-2024-35296"
    }
  ]
}

CNVD-2024-35170

Vulnerability from cnvd - Published: 2024-08-06

Title

Apache Traffic Server输入验证错误漏洞（CNVD-2024-35170）

Description

Apache Traffic Server（ATS）是美国阿帕奇（Apache）基金会的一套可扩展的HTTP代理和缓存服务器。 Apache Traffic Server存在输入验证错误漏洞，该漏洞源于将格式错误的HTTP分块尾部转发到原始服务器。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

Apache Traffic Server输入验证错误漏洞（CNVD-2024-35170）的补丁

Patch Description

Apache Traffic Server（ATS）是美国阿帕奇（Apache）基金会的一套可扩展的HTTP代理和缓存服务器。 Apache Traffic Server存在输入验证错误漏洞，该漏洞源于将格式错误的HTTP分块尾部转发到原始服务器。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

Reference

https://cxsecurity.com/cveshow/CVE-2024-35161/

Impacted products

Name
['Apache Traffic Server >=8.0.0，<=8.1.10', 'Apache Traffic Server >=9.0.0，<=9.2.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-35161"
    }
  },
  "description": "Apache Traffic Server\uff08ATS\uff09\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u53ef\u6269\u5c55\u7684HTTP\u4ee3\u7406\u548c\u7f13\u5b58\u670d\u52a1\u5668\u3002\n\nApache Traffic Server\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5c06\u683c\u5f0f\u9519\u8bef\u7684HTTP\u5206\u5757\u5c3e\u90e8\u8f6c\u53d1\u5230\u539f\u59cb\u670d\u52a1\u5668\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-35170",
  "openTime": "2024-08-06",
  "patchDescription": "Apache Traffic Server\uff08ATS\uff09\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u53ef\u6269\u5c55\u7684HTTP\u4ee3\u7406\u548c\u7f13\u5b58\u670d\u52a1\u5668\u3002\r\n\r\nApache Traffic Server\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5c06\u683c\u5f0f\u9519\u8bef\u7684HTTP\u5206\u5757\u5c3e\u90e8\u8f6c\u53d1\u5230\u539f\u59cb\u670d\u52a1\u5668\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Traffic Server\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-35170\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Traffic Server \u003e=8.0.0\uff0c\u003c=8.1.10",
      "Apache Traffic Server \u003e=9.0.0\uff0c\u003c=9.2.4"
    ]
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-35161/",
  "serverity": "\u9ad8",
  "submitTime": "2024-07-30",
  "title": "Apache Traffic Server\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2024-35170\uff09"
}

FKIE_CVE-2024-35161

Vulnerability from fkie_nvd - Published: 2024-07-26 10:15 - Updated: 2025-11-03 22:16

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

References

URL	Tags
security@apache.org	https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html

Impacted products

	Vendor	Product	Version
	apache	traffic_server	*
	apache	traffic_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4F8362B-1EAE-453D-B231-744F00ED33BF",
              "versionEndExcluding": "8.1.11",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEB7909-4350-4D44-BAA2-72BEF6E132C1",
              "versionEndExcluding": "9.2.5",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue."
    },
    {
      "lang": "es",
      "value": "Apache Traffic Server reenv\u00eda la secci\u00f3n fragmentada HTTP mal formada a los servidores de origen. Esto se puede utilizar para el contrabando de solicitudes y tambi\u00e9n puede provocar un envenenamiento de la cach\u00e9 si los servidores de origen son vulnerables. Este problema afecta a Apache Traffic Server: desde la versi\u00f3n 8.0.0 hasta la 8.1.10, desde la versi\u00f3n 9.0.0 hasta la 9.2.4. Los usuarios pueden establecer una nueva configuraci\u00f3n (proxy.config.http.drop_chunked_trailers) para no reenviar la secci\u00f3n fragmentada del tr\u00e1iler. Se recomienda a los usuarios que actualicen a la versi\u00f3n 8.1.11 o 9.2.5, que soluciona el problema."
    }
  ],
  "id": "CVE-2024-35161",
  "lastModified": "2025-11-03T22:16:55.883",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-26T10:15:02.567",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-J49J-P46F-PFCV

Vulnerability from github – Published: 2024-07-26 12:35 – Updated: 2025-11-04 00:30

Details

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Severity ?

9.1 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-35161"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-444"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-26T10:15:02Z",
    "severity": "CRITICAL"
  },
  "details": "Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.",
  "id": "GHSA-j49j-p46f-pfcv",
  "modified": "2025-11-04T00:30:59Z",
  "published": "2024-07-26T12:35:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35161"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-35161 (GCVE-0-2024-35161)

WID-SEC-W-2024-1713

CNVD-2024-35170

FKIE_CVE-2024-35161

GHSA-J49J-P46F-PFCV

Tags

Sightings

Nomenclature