A critical vulnerability identified as CVE-2024-53868 was discovered in Apache Traffic Server, potentially leading to cache poisoning, security control bypass, and session hijacking. The flaw lies in improper handling of HTTP chunked transfer encoding: attackers can send malformed chunked messages to perform request smuggling attacks. Although the vulnerability has a CVSS score of 6.5, denoting a medium severity level, its exploitation could lead to data exposure and inconsistent request handling. Organizations using the affected versions are advised to upgrade and implement security measures to safeguard their systems.
Source: https://cybersecuritynews.com/apache-traffic-server-vulnerability/
"id": "the718040425",
"linkid": "the-apache-software-foundation",
"type": "Vulnerability",
"date": "4/2025",
"severity": "60",
"impact": "1",
"explanation": "Attack without any consequences"