Vulnerability Details CVE-2024-53868
Apache Traffic Server allows request smuggling if chunked messages are malformed.
This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4.
Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.5%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2024-53868
-
cpe:2.3:a:apache:traffic_server:10.0.0
-
cpe:2.3:a:apache:traffic_server:10.0.1
-
cpe:2.3:a:apache:traffic_server:10.0.2
-
cpe:2.3:a:apache:traffic_server:10.0.3
-
cpe:2.3:a:apache:traffic_server:10.0.4
-
cpe:2.3:a:apache:traffic_server:9.0.0
-
cpe:2.3:a:apache:traffic_server:9.0.1
-
cpe:2.3:a:apache:traffic_server:9.0.2
-
cpe:2.3:a:apache:traffic_server:9.1.0
-
cpe:2.3:a:apache:traffic_server:9.1.1
-
cpe:2.3:a:apache:traffic_server:9.1.2
-
cpe:2.3:a:apache:traffic_server:9.1.3
-
cpe:2.3:a:apache:traffic_server:9.1.4
-
cpe:2.3:a:apache:traffic_server:9.2.0
-
cpe:2.3:a:apache:traffic_server:9.2.1
-
cpe:2.3:a:apache:traffic_server:9.2.2
-
cpe:2.3:a:apache:traffic_server:9.2.3
-
cpe:2.3:a:apache:traffic_server:9.2.4
-
cpe:2.3:a:apache:traffic_server:9.2.5
-
cpe:2.3:a:apache:traffic_server:9.2.6
-
cpe:2.3:a:apache:traffic_server:9.2.7
-
cpe:2.3:a:apache:traffic_server:9.2.8
-
cpe:2.3:a:apache:traffic_server:9.2.9