- Description
- Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- traffic_server
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
- security@apache.org
- CWE-444
- Hype score
- Not currently trending
🚨 Apache Traffic Server flaw (CVE-2024-53868) 🚨 🔓 Affects v9.x–10.x 💥 Enables request smuggling 🎯 Risks: hijacked sessions, cache poisoning ⚠️ Medium severity (CVSS 6.5) Patch now. 👉 Stay secure: https://t.co/QevXAC23bg 🔗 https://t.co/DP5lakyEgn
@DigitalWarCorp
19 Jun 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Vulnerability #ApacheTrafficServer Apache Traffic Server Hit by Request Smuggling Vulnerability (CVE-2024-53868) https://t.co/OeNMj99wvt
@Komodosec
11 Jun 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-53868 Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.… https://t.co/4H2Ch2JT6e
@CVEnew
4 Apr 2025
152 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49BBCCAA-EDE7-43C9-8F83-D9222041EB9D",
"versionEndExcluding": "9.2.10",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA433D39-AD50-4477-8DAF-7933110A198F",
"versionEndExcluding": "10.0.5",
"versionStartIncluding": "10.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]