Home > Vulnerability Database > CVE-2024-35161

Mend.io Vulnerability Database

CVE-2024-35161

Date: July 26, 2024

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Language: C++

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-35161

Url: https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

Url: https://security-tracker.debian.org/tracker/CVE-2024-35161

Url: https://www.mend.io/vulnerability-database/CVE-2024-35161

Severity Score

7.5

Weakness Type (CWE)

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-444

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-35161

Date: July 26, 2024

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?