Apache Traffic Server Improper Input Validation Vulnerability Allowing Request Smuggling

Vulnerability

A vulnerability allowing request smuggling via pipelining after a chunked message body has been identified in Apache Traffic Server. This issue arises from improper input validation and affects versions 8.0.0 through 8.1.11, 9.0.0 through 9.2.8, and 10.0.0 through 10.0.3.

Impact

Exploitation of this vulnerability allows for request smuggling, which can disrupt the normal processing of requests and responses between a client and server, potentially leading to unauthorized access or manipulation of data.

Remediation

Users of Apache Traffic Server 9.x should upgrade to version 9.2.9 or later. Users of Apache Traffic Server 10.x should upgrade to version 10.0.4 or later.
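An added example, not part of the original advisory or of the Apache Traffic Server project: a triage script that checks an inventory of version strings against the affected ranges and fixed releases stated above. Versions are compared as integer tuples because a plain string comparison would rank 10.0.3 below 9.2.9. The function names, hostnames and sample inventory are assumptions constructed for illustration.

```python
import re

# Affected ranges and fixed releases exactly as stated in the advisory text.
# The advisory names no fixed release for the 8.x line, hence None.
AFFECTED = {
    8: ((8, 0, 0), (8, 1, 11), None),
    9: ((9, 0, 0), (9, 2, 8), (9, 2, 9)),
    10: ((10, 0, 0), (10, 0, 3), (10, 0, 4)),
}

def parse_version(text):
    """Return (major, minor, patch) from a string such as '9.2.8'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())

def assess(version_text):
    """Classify one version string against the advisory's ranges."""
    v = parse_version(version_text)
    entry = AFFECTED.get(v[0])
    if entry is None:  # release line the advisory does not mention
        return {"version": v, "status": "not-listed", "upgrade_to": None}
    low, high, fixed = entry
    if low <= v <= high:  # tuple comparison is numeric, field by field
        return {"version": v, "status": "affected", "upgrade_to": fixed}
    return {"version": v, "status": "not-affected", "upgrade_to": None}

def triage(inventory):
    """Map host -> finding for a {host: version string} inventory."""
    findings = {}
    for host, ver in inventory.items():
        try:
            r = assess(ver)
        except ValueError:
            findings[host] = "unparseable version, check manually"
            continue
        if r["status"] != "affected":
            findings[host] = r["status"]
        elif r["upgrade_to"] is None:
            findings[host] = "affected, no fixed release listed for this line"
        else:
            fix = ".".join(str(p) for p in r["upgrade_to"])
            findings[host] = f"affected, upgrade to {fix} or later"
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"edge-a": "9.2.8", "edge-b": "10.0.4", "edge-c": "8.1.11", "edge-d": "n/a"}
```

Hosts on the 8.x line are reported as affected with no upgrade target, because the remediation text above only names fixed releases for 9.x and 10.x.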

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.