How severe is CVE-2024-35161?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2024-35161?

This is classified as CWE-444, which is a common weakness in software security.

CVE-2024-35161 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Related Vulnerabilities

CVE-2018-21245

CRITICAL

CVSS:9.1(Critical)

Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.

CWE-4442018

CVE-2018-3907

CRITICAL

CVSS:9.1(Critical)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles pip...

CWE-4442018

CVE-2018-3908

CRITICAL

CVSS:9.1(Critical)

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipel...

CWE-4442018

CVE-2018-3909

CRITICAL

CVSS:9.1(Critical)

CWE-4442018

CVE-2019-20444

CRITICAL

CVSS:9.1(Critical)

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid...

CWE-4442019

CVE-2019-20445

CRITICAL

CVSS:9.1(Critical)

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CWE-4442019