Request Smuggling Vulnerability in Apache Traffic Server Affecting Multiple Versions
CVE-2024-53868
Currently unrated
Summary
Apache Traffic Server is vulnerable to request smuggling when chunked messages are malformed. An attacker can use this flaw to manipulate request handling, potentially leading to unauthorized access and data exposure. Users of Apache Traffic Server versions 9.2.0 through 9.2.9 and 10.0.0 through 10.0.4 are strongly advised to upgrade to the patched versions 9.2.10 or 10.0.5.
Affected Version(s)
Apache Traffic Server 9.2.0 through 9.2.9
Apache Traffic Server 10.0.0 through 10.0.4
Credit
Jeppe Bonde Weikop