Engin Kirda

**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions through 9.2.1 **Description** The issue is related to improper input validation in Apache Traffic Server, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions through 9.2.1, update to a version later than 9.2.1 to resolve the issue. As a temporary workaround, consider restricting input validation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions 8.0.0 through 9.1.2 **Description** The issue is related to improper input validation in HTTP/2 frame handling, which can be exploited by an attacker to smuggle requests. This can potentially allow a remote attacker to execute arbitrary code due to weaknesses in handling HTTP requests. **Recommendations** For Apache Traffic Server versions 8.0.0 through 9.1.2, update to a version that includes the fix for this issue to prevent request smuggling and potential code execution. As a temporary workaround, consider restricting access to the HTTP/2 frame handling module until a patch is available.