Description

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Remediation

References

CVE-2023-38522

Related Vulnerabilities

WordPress Plugin Another WordPress Classifieds Cross-Site Scripting (3.3.1)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.1)

MySQL CVE-2019-2634 Vulnerability (CVE-2019-2634)

PHP Numeric Errors Vulnerability (CVE-2015-2331)

Internet Information Services Other Vulnerability (CVE-2002-0869)

Severity

High

Classification

CVE-2023-38522 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities