Keran Mu

Nome do software vulnerável e versões afetadas: Apache Traffic Server, versões 8.0.0 a 8.1.10 Apache Traffic Server, versões 9.0.0 a 9.2.4 Descrição: O problema decorre do fato de o Apache Traffic Server encaminhar seções de trailer fragmentadas HTTP malformadas para servidores de origem, o que pode ser utilizado para contrabando de solicitações e também pode levar ao envenenamento de cache se os servidores de origem estiverem vulneráveis. Recomendações: Para resolver o problema nas versões 8.0.0 a 8.1.10, atualize para a versão 8.1.11. Para resolver o problema nas versões 9.0.0 a 9.2.4, atualize para a versão 9.2.5. Como solução alternativa temporária, considere definir a nova configuração `proxy.config.http.drop chunked trailers` para impedir o encaminhamento da seção de trailer fragmentado.

**Name of the Vulnerable Software and Affected Versions** Squid (affected versions not specified) **Description** The issue is related to the chunked decoder of the Squid proxy server, which is associated with the server's interpretation of fragmented syntax encoding. This can allow a remote attacker to perform Request/Response smuggling past firewall and frontend security systems, potentially enabling direct interaction with the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions 11.0.0-M1 through 11.0.0-M11 Apache Tomcat versions 10.1.0-M1 through 10.1.13 Apache Tomcat versions 9.0.0-M1 through 9.0.81 Apache Tomcat versions 8.5.0 through 8.5.93 **Description** The issue is related to improper input validation in Apache Tomcat, where the server does not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. **Recommendations** Upgrade to version 11.0.0-M12 onwards Upgrade to version 10.1.14 onwards Upgrade to version 9.0.81 onwards Upgrade to version 8.5.94 onwards

**Name of the Vulnerable Software and Affected Versions** Gevent versions prior to 23.9.1 Gevent version 23.9.0 **Description** The issue in Gevent is related to insufficient validation of executed requests in the WSGIServer component, allowing a remote attacker to escalate privileges via a crafted script. This can impact the integrity, availability, and confidentiality of protected information. **Recommendations** For Gevent versions prior to 23.9.1, update to version 23.9.1 or later to resolve the issue. For Gevent version 23.9.0, update to version 23.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the WSGIServer component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** protocol-http1 versions prior to 0.15.1 **Description** The issue is related to the implementation of the HTTP/1 protocol in protocol-http1, specifically with the handling of HTTP requests. The problem arises from the acceptance of non-standard formats for the Content-Length header and chunk size, which can lead to desynchronization when forwarding through multiple HTTP parsers. This can potentially result in HTTP request smuggling and firewall bypassing. The behavior does not follow the corresponding RFCs, which define the format for chunk size, chunk data, and chunk extension. There are no known real-world exploits or practical attacks reported. **Recommendations** For protocol-http1 versions prior to 0.15.1, update to version 0.15.1 or later to fix the issue. As a temporary workaround, consider restricting the use of the `Content-Length` header and chunk size to standard formats to minimize the risk of exploitation. Avoid using the `+` prefix and `0x` prefix in the `Content-Length` header and chunk size until the issue is resolved. Restrict access to the vulnerable `protocol-http1` module to minimize the risk of exploitation.