CVE-2024-53868

CVE-2024-53868: Apache Traffic Server: Malformed chunked message body allows request smuggling

Vendor Apache Software Foundation

Product Apache Traffic Server

Weakness CWE-444

Published April 3, 2025

Last update April 18, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.

Key dates

Disclosure timeline

April 3, 2025 CVE published

April 18, 2025 Record updated

Identifiers

CVE CVE-2024-53868

CWE CWE-444

Affected versions

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 9.2.0 and ≤ 9.2.9

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 10.0.0 and ≤ 10.0.4