Apache Traffic Server 8.0.09.2.4: HTTP Field Name Smuggling Vulnerability
CVE-2023-38522 Published on July 26, 2024

Apache Traffic Server: Incomplete field name check allows request smuggling
Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-38522 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

What is a HTTP Request Smuggling Vulnerability?

When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.

CVE-2023-38522 has been classified to as a HTTP Request Smuggling vulnerability or weakness.


Products Associated with CVE-2023-38522

Want to know whenever a new CVE is published for Apache Traffic Server? stack.watch will email you.

Apache Traffic Server
 

Affected Versions

Apache Software Foundation Apache Traffic Server: apache traffic_server: apache traffic_server:

Exploit Probability

EPSS
0.29%
Percentile
52.35%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.