A critical vulnerability identified as CVE-2024-53868 was discovered in Apache Traffic Server, potentially leading to cache poisoning, security control bypass, and session hijacking. The flaw relates to improper handling of HTTP chunked transfer encoding, where attackers can exploit malformed chunked messages to perform request smuggling attacks. Although the vulnerability has a CVSS score of 6.5, denoting a medium severity level, its exploitation could lead to data exposure and inconsistent request handling. Organizations using the affected versions are advised to upgrade and implement security measures to safeguard their systems.
Source: https://cybersecuritynews.com/apache-traffic-server-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/the-apache-software-foundation
{
  "id": "the718040425",
  "linkid": "the-apache-software-foundation",
  "type": "Vulnerability",
  "date": "4/2025",
  "severity": "60",
  "impact": "1",
  "explanation": "Attack without any consequences"
}
{'affected_entities': [{'name': 'Apache Traffic Server users',
                        'type': 'Organization'}],
 'attack_vector': 'HTTP chunked transfer encoding',
 'description': 'A critical vulnerability identified as CVE-2024-53868 was '
                'discovered in Apache Traffic Server, potentially leading to '
                'cache poisoning, security control bypass, and session '
                'hijacking. The flaw relates to improper handling of HTTP '
                'chunked transfer encoding, where attackers can exploit '
                'malformed chunked messages to perform request smuggling '
                'attacks. Although the vulnerability has a CVSS score of 6.5, '
                'denoting a medium severity level, its exploitation could lead '
                'to data exposure and inconsistent request handling. '
                'Organizations using the affected versions are advised to '
                'upgrade and implement security measures to safeguard their '
                'systems.',
 'impact': {'systems_affected': 'Apache Traffic Server'},
 'post_incident_analysis': {'corrective_actions': 'Upgrade and implement '
                                                  'security measures',
                            'root_causes': 'Improper handling of HTTP chunked '
                                           'transfer encoding'},
 'recommendations': 'Upgrade and implement security measures',
 'response': {'remediation_measures': 'Upgrade and implement security '
                                      'measures'},
 'title': 'CVE-2024-53868 in Apache Traffic Server',
 'type': 'Vulnerability',
 'vulnerability_exploited': 'CVE-2024-53868'}