CVE-2024-38311

CVE-2024-38311: Apache Traffic Server: Request smuggling via pipelining after a chunked message body

Vendor Apache Software Foundation

Product Apache Traffic Server

Weakness CWE-20 · Input validation

Published March 6, 2025

Last update March 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.

Key dates

Disclosure timeline

March 6, 2025 CVE published

March 6, 2025 Record updated

Identifiers

CVE CVE-2024-38311

CWE CWE-20

Affected versions

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 8.0.0 and ≤ 8.1.11

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 9.0.0 and ≤ 9.2.8

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 10.0.0 and ≤ 10.0.3