Search for vulnerabilities
Vulnerability details: VCID-4wv5-y778-cydd
Vulnerability ID VCID-4wv5-y778-cydd
Aliases CVE-2024-53868
Summary Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
System Score Found at
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
epss 0.0033 https://api.first.org/data/v1/epss?cve=CVE-2024-53868
cvssv3.1 7.5 https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9
ssvc Track https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-53868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53868
http://www.openwall.com/lists/oss-security/2025/04/02/4
1101996 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101996
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
CVE-2024-53868 https://nvd.nist.gov/vuln/detail/CVE-2024-53868
rwyx91rsrnmpjbm04footfjjf6m9d1c9 https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-18T14:37:32Z/ Found at https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9
Exploit Prediction Scoring System (EPSS)
Percentile 0.458
EPSS Score 0.0023
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:45:23.931279+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/community.json 37.0.0