Home > Vulnerability Database > CVE-2023-38522

Mend.io Vulnerability Database

CVE-2023-38522

Date: July 26, 2024

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Language: C++

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-38522

Url: https://security-tracker.debian.org/tracker/CVE-2023-38522

Url: https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

Url: https://www.mend.io/vulnerability-database/CVE-2023-38522

Severity Score

7.5

Weakness Type (CWE)

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-444

Improper Input Validation

CWE-20

Improper Neutralization of Invalid Characters in Identifiers in Web Pages

CWE-86

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-38522

Date: July 26, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?