Description: Apache Traffic Server is vulnerable to request smuggling and DoS
CVE:
CVE-2023-38522 - Incomplete field name check allows request smuggling
CVE-2024-35161 - Incomplete check for chunked trailer section allows request smuggling
CVE-2024-35296 - Invalid Accept-Encoding can force forwarding requests

Reported By:
Ben Kallus (CVE-2023-38522)
Keran Mu (CVE-2024-35161)
Min Chen (CVE-2024-35296)

Vendor:
The Apache Software Foundation

Version Affected:
ATS 8.0.0 to 8.1.10
ATS 9.0.0 to 9.2.4

Mitigation:
8.x users should upgrade to 8.1.11 or later versions
9.x users should upgrade to 9.2.5 or later versions

CVE:
https://www.cve.org/CVERecord?id=CVE-2023-38522
https://www.cve.org/CVERecord?id=CVE-2024-35161
https://www.cve.org/CVERecord?id=CVE-2024-35296

-- Masakazu
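
An added example, not part of the original advisory or the ATS project: a Python check that classifies version strings from a fleet inventory against the affected ranges listed above and names the upgrade target. The host names and sample versions are constructed, the helper names are hypothetical, and it assumes each version string begins with major.minor.patch.

```python
import re

# Affected ranges and first fixed releases, taken from the advisory above.
AFFECTED = [
    ((8, 0, 0), (8, 1, 10), "8.1.11"),
    ((9, 0, 0), (9, 2, 4), "9.2.5"),
]

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as integers, or None if unparseable.

    Integers matter here: as strings, "8.1.10" sorts before "8.1.9".
    Only the leading numeric triple is used, so packaging suffixes such
    as "-1.el8" are ignored.
    """
    m = _VERSION_RE.match(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return (status, upgrade_target) for one ATS version string."""
    v = parse_version(version_text)
    if v is None:
        return ("unparseable", None)
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            return ("affected", fixed)
    # The advisory makes no statement about versions outside its ranges.
    return ("not in affected range", None)


def audit(inventory):
    """Map host -> (version, status, upgrade_target) for a host/version dict."""
    return {host: (ver, *classify(ver)) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {"edge-01": "9.2.4", "edge-02": "9.2.5",
              "edge-03": "8.1.10-1.el8", "edge-04": "unknown"}
    for host, (ver, status, target) in sorted(audit(sample).items()):
        note = f" -> upgrade to {target} or later" if target else ""
        print(f"{host}: ATS {ver}: {status}{note}")
```

Hosts reported as "unparseable" need a manual check rather than being treated as unaffected.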