Apache Traffic Server: Differential fuzzing for HTTP request parsing discrepancies
CVE-2023-33934

9.1CRITICAL

Key Information:

Vendor: Apache
Status: Apache Traffic Server
Vendor: CVE Published:; 9 August 2023

What is CVE-2023-33934?

An improper input validation vulnerability exists in Apache Traffic Server, which could allow an attacker to exploit the affected version through specially crafted input, potentially leading to security breaches. This issue impacts all versions of Apache Traffic Server up to 9.2.1, posing a risk to organizations and applications utilizing this server software.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Traffic Server 0 <= 9.2.1

References

https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7...

vendor-advisory

https://lists.fedoraproject.org/archives/list/package-ann...

https://lists.debian.org/debian-lts-announce/2023/09/msg0...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 9, 2023
Vulnerability Reserved
May 23, 2023

Credit

Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, Harvey Tuch

JSON

Apache

What is CVE-2023-33934?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.