#VU95786 Input validation error in Apache Traffic Server - CVE-2023-38522

 

Published: August 12, 2024


Vulnerability identifier: #VU95786
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-38522
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Apache Traffic Server
Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected application accepts characters that are not allowed in HTTP field names and forwards the malformed requests to origin servers. A remote attacker can perform request smuggling and cache poisoning attacks.
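
The following is an added example, not Apache Traffic Server code and not part of the original advisory: a defensive check that flags header lines whose field name falls outside the RFC 9110 token grammar (field-name = token = 1*tchar), so a gateway or log pipeline can reject or alert on them before they reach an origin. The function name and the sample request are constructed for illustration.

```python
import string

# RFC 9110 section 5.6.2: tchar is the set of bytes allowed in a token.
TCHAR = frozenset((string.ascii_letters + string.digits + "!#$%&'*+-.^_`|~").encode())


def invalid_field_names(raw_request: bytes) -> list[tuple[int, bytes, str]]:
    """Return (line_no, field_name, reason) for each header line that a
    strict parser should reject instead of forwarding upstream."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    findings = []
    # Line 1 is the request line; header fields start at line 2.
    for line_no, line in enumerate(head.split(b"\r\n")[1:], start=2):
        if not line:
            continue
        if line[:1] in (b" ", b"\t"):
            findings.append((line_no, line, "leading whitespace (line folding)"))
            continue
        name, colon, _value = line.partition(b":")
        if not colon:
            findings.append((line_no, line, "no colon"))
        elif not name:
            findings.append((line_no, name, "empty field name"))
        else:
            bad = sorted({b for b in name if b not in TCHAR})
            if bad:
                reason = "invalid bytes: " + ", ".join(f"0x{b:02x}" for b in bad)
                findings.append((line_no, name, reason))
    return findings


# Constructed sample: two valid fields and two with disallowed name bytes.
SAMPLE = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: origin.example\r\n"
    b"Content-Length : 0\r\n"   # space between the name and the colon
    b"X-Trace\x0bId: 1\r\n"     # vertical tab inside the name
    b"Accept: */*\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for line_no, name, reason in invalid_field_names(SAMPLE):
        print(f"line {line_no}: {name!r} -> {reason}")
```
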


Remediation

Install updates from vendor's website.

External links