{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T20:13:58.164","vulnerabilities":[{"cve":{"id":"CVE-2024-35161","sourceIdentifier":"security@apache.org","published":"2024-07-26T10:15:02.567","lastModified":"2025-11-03T22:16:55.883","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead cache poisoning if the origin servers are vulnerable.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.\n\nUsers can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section.\nUsers are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue."},{"lang":"es","value":"Apache Traffic Server reenvía la sección fragmentada HTTP mal formada a los servidores de origen. Esto se puede utilizar para el contrabando de solicitudes y también puede provocar un envenenamiento de la caché si los servidores de origen son vulnerables. Este problema afecta a Apache Traffic Server: desde la versión 8.0.0 hasta la 8.1.10, desde la versión 9.0.0 hasta la 9.2.4. Los usuarios pueden establecer una nueva configuración (proxy.config.http.drop_chunked_trailers) para no reenviar la sección fragmentada del tráiler. Se recomienda a los usuarios que actualicen a la versión 8.1.11 o 9.2.5, que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.1.11","matchCriteriaId":"E4F8362B-1EAE-453D-B231-744F00ED33BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.2.5","matchCriteriaId":"5DEB7909-4350-4D44-BAA2-72BEF6E132C1"}]}]}],"references":[{"url":"https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}