Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Traffic Server Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability - CVE-2023-38522 - Vulnerability Database
Apache Traffic Server

Apache Traffic Server Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability - CVE-2023-38522

High
Reference: CVE-2023-38522
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-38522
Title: Apache Traffic Server Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling) Vulnerability
Overview:

Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10 from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5 which fixes the issue.