CVE-2024-53868

HIGH

Apache Traffic Server <9.2.10-10.0.5 - Request Smuggling

Title source: llm

Description

Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.

References (2)

Scores

CVSS v3 7.5
EPSS 0.0177
EPSS Percentile 82.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE
CWE-444
Status published

Affected Products (1)

apache/traffic_server < 9.2.10

Timeline

Published Apr 03, 2025
Tracked Since Feb 18, 2026