Apache Traffic Server 8.x < 8.1.11 / 9.x < 9.2.5 Multiple Vulnerabilities

critical Nessus Plugin ID 205310

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

According to its self-reported version, the remote Apache Traffic Server install is affected by multiple vulnerabilities.

- Apache Traffic Server forwards a malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. (CVE-2024-35161)

- Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. (CVE-2023-38522)

- An invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. (CVE-2024-35296)

Note that Nessus did not actually test for these issues, but instead has relied on the version found in the server's banner.
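
The same kind of banner-based version comparison, as an added example for triaging an inventory (this is not the plugin's own code): it classifies banner strings against the fixed versions named on this page. The `ATS/x.y.z` and `ApacheTrafficServer/x.y.z` banner forms, the host names and the sample banners are assumptions constructed for illustration.

```python
import re

# Fixed releases per branch, as stated on this page (8.1.11 and 9.2.5).
FIXED = {8: (8, 1, 11), 9: (9, 2, 5)}

# Assumption: the version appears as "ATS/x.y.z" (Server header) or
# "ApacheTrafficServer/x.y.z" (Via header); adjust for your deployment.
BANNER_RE = re.compile(r"(?:ATS|ApacheTrafficServer)/(\d+)\.(\d+)\.(\d+)")


def classify(banner):
    """Return (status, version) for one banner string.

    status is "vulnerable", "fixed", "out-of-scope" or "unknown".
    """
    m = BANNER_RE.search(banner or "")
    if not m:
        # Banner hidden or rewritten: a version-based check cannot decide,
        # so the host needs a package-level check instead.
        return ("unknown", None)
    # Compare as integer tuples so that 8.1.9 sorts below 8.1.11.
    version = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Branches other than 8.x and 9.x are not covered by this page.
        return ("out-of-scope", version)
    return ("vulnerable" if version < fixed else "fixed", version)


def triage(inventory):
    """Map host -> status for a {host: banner} inventory."""
    return {host: classify(banner)[0] for host, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hosts and banners are made up).
    sample = {
        "edge-a.example": "Server: ATS/9.2.4",
        "edge-b.example": "Server: ATS/8.1.9",
        "edge-c.example": "Via: http/1.1 c (ApacheTrafficServer/9.2.5 [cMsSf ])",
        "edge-d.example": "Server: ATS/10.0.0",
        "edge-e.example": "Server: proxy",
    }
    for host, status in triage(sample).items():
        print(f"{host:16} {status}")
```

A "fixed" result only reflects the advertised version; like the plugin, it does not test for the issues themselves.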

Solution

Upgrade to Apache Traffic Server version 8.1.11, 9.2.5 or later.

See Also

http://www.nessus.org/u?e24f11c1

Plugin Details

Severity: Critical

ID: 205310

File Name: apache_ats_9_2_5.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 8/9/2024

Updated: 8/9/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2024-35161

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: cpe:/a:apache:traffic_server

Required KB Items: installed_sw/Apache Traffic Server

Patch Publication Date: 7/25/2024

Vulnerability Publication Date: 7/25/2024

Reference Information

CVE: CVE-2023-38522, CVE-2024-35161, CVE-2024-35296