Apache Traffic Server 8.0.0-9.0.2 Cache Poison via TE Header
CVE-2022-31778 Published on August 10, 2022
Transfer-Encoding not treated as hop-by-hop
Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2022-31778
stack.watch emails you whenever new vulnerabilities are published in Apache Traffic Server or Debian Linux. Just hit a watch button to start following.
Affected Versions
Apache Software Foundation Apache Traffic Server Version 8.0.0 to 9.0.2 is affected by CVE-2022-31778Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.