Search for vulnerabilities
Vulnerability details: VCID-ux2d-92n5-aaan
Vulnerability ID VCID-ux2d-92n5-aaan
Aliases CVE-2024-35161
Summary Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-20 Improper Input Validation
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35161.json
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00178 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00257 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00403 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00448 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00543 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00589 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00602 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00602 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00602 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00602 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00602 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00602 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00602 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00602 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00635 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00655 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00655 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00655 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.00655 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
epss 0.01823 https://api.first.org/data/v1/epss?cve=CVE-2024-35161
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-35161
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-35161
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35161.json
https://api.first.org/data/v1/epss?cve=CVE-2024-35161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35161
https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0
1077141 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077141
2300035 https://bugzilla.redhat.com/show_bug.cgi?id=2300035
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
CVE-2024-35161 https://nvd.nist.gov/vuln/detail/CVE-2024-35161
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-35161.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-35161
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-35161
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.55766
EPSS Score 0.00178
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-07-25T22:50:39.357301+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc4