Katsutoshi Ikenoya

Name of the Vulnerable Software and Affected Versions Apache Traffic Server versions 9.0.0 through 9.2.12 and 10.0.0 through 10.1.1 Description Apache Traffic Server is susceptible to request smuggling when handling malformed chunked messages. This can potentially lead to various security issues. Recommendations Upgrade to version 9.2.13 or 10.1.2.

**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions through 9.2.1 **Description** The issue is caused by improper input validation in the Range Header Handler component of the Apache Traffic Server. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions through 9.2.1, update to a version later than 9.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the Range Header Handler component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apache Traffic Server versions 7.0.0 through 7.1.12 Apache Traffic Server versions 8.0.0 through 8.1.1 Apache Traffic Server versions 9.0.0 through 9.0.1 **Description** The issue is caused by improper input validation in the HTTP/2 component of Apache Traffic Server. This allows a remote attacker to cause a denial of service. **Recommendations** For Apache Traffic Server versions 7.0.0 through 7.1.12, update to a version outside of this range to resolve the issue. For Apache Traffic Server versions 8.0.0 through 8.1.1, update to a version outside of this range to resolve the issue. For Apache Traffic Server versions 9.0.0 through 9.0.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the HTTP/2 component until a patch is available.