Apache · Apache Traffic Server · CVE-2024-35296
**Name of the Vulnerable Software and Affected Versions**
Apache Traffic Server versions 8.0.0 through 8.1.10
Apache Traffic Server versions 9.0.0 through 9.2.4
**Description**
The vulnerability is an input validation flaw in how Apache Traffic Server handles the HTTP Accept-Encoding request header. A remote attacker can send a malformed Accept-Encoding value that causes the cache lookup to fail, so the request is forwarded to the origin server instead of being served from cache. The impact is cache bypass: responses that should be served from the ATS cache are fetched from the origin for every such request, which undermines the protection the cache gives the origin.
**Recommendations**
For Apache Traffic Server versions 8.0.0 through 8.1.10, upgrade to version 8.1.11.
For Apache Traffic Server versions 9.0.0 through 9.2.4, upgrade to version 9.2.5.
As a temporary workaround until the upgrade can be applied, restrict what reaches ATS in the Accept-Encoding header: validate the header against the RFC 9110 grammar at a layer in front of ATS and strip or normalize any value that does not parse, so that malformed values never reach the cache lookup. Note that stripping the header means the client is treated as accepting only the identity encoding for that request. Upgrading is the only complete fix.
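The following validator is an added example, not code from the Apache Traffic Server project or from the advisory. It shows what "invalid Accept-Encoding header" means in the description above and what "restricting the header" in the workaround amounts to in practice: the field value is parsed against the RFC 9110 grammar (a list of codings, each with an optional q weight), well-formed values are re-emitted in canonical form, and anything else is rejected so the caller can drop the header before the cache lookup sees it. The function names and the sample values are constructed for this example; it does not claim to reproduce the exact check that ATS got wrong, which the advisory does not describe.

```cpp
#include <cctype>
#include <cstdio>
#include <optional>
#include <string>
#include <string_view>
#include <vector>

struct Coding {
    std::string name;  // lowercased content-coding, "identity" or "*"
    std::string q;     // weight as sent, "1" when absent
};

namespace {

// RFC 9110 tchar: "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
//                 "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
bool is_tchar(unsigned char c) {
    if (c < 0x80 && std::isalnum(c)) return true;
    return std::string_view("!#$%&'*+-.^_`|~").find(static_cast<char>(c)) != std::string_view::npos;
}

bool is_token(std::string_view s) {
    if (s.empty()) return false;
    for (unsigned char c : s) if (!is_tchar(c)) return false;
    return true;
}

std::string_view trim_ows(std::string_view s) {
    while (!s.empty() && (s.front() == ' ' || s.front() == '\t')) s.remove_prefix(1);
    while (!s.empty() && (s.back() == ' ' || s.back() == '\t')) s.remove_suffix(1);
    return s;
}

// qvalue = ( "0" [ "." 0*3DIGIT ] ) / ( "1" [ "." 0*3("0") ] )
bool is_qvalue(std::string_view q) {
    if (q.empty() || q.size() > 5) return false;
    if (q[0] != '0' && q[0] != '1') return false;
    if (q.size() == 1) return true;
    if (q[1] != '.') return false;
    for (size_t i = 2; i < q.size(); ++i) {
        if (!std::isdigit(static_cast<unsigned char>(q[i]))) return false;
        if (q[0] == '1' && q[i] != '0') return false;  // 1.5, 1.01 are not weights
    }
    return true;
}

// One list element: codings [ OWS ";" OWS "q=" qvalue ]
std::optional<Coding> parse_element(std::string_view elem) {
    Coding c;
    size_t semi = elem.find(';');
    std::string_view name = trim_ows(elem.substr(0, semi));
    if (!is_token(name)) return std::nullopt;  // e.g. "gz ip", control bytes
    for (char ch : name) c.name += static_cast<char>(std::tolower(static_cast<unsigned char>(ch)));
    if (semi == std::string_view::npos) { c.q = "1"; return c; }
    std::string_view param = trim_ows(elem.substr(semi + 1));
    // Exactly one parameter is permitted, and it must be the weight.
    if (param.find(';') != std::string_view::npos) return std::nullopt;
    if (param.size() < 3 || (param[0] != 'q' && param[0] != 'Q') || param[1] != '=') return std::nullopt;
    std::string_view qv = param.substr(2);
    if (!is_qvalue(qv)) return std::nullopt;
    c.q = std::string(qv);
    return c;
}

}  // namespace

// Parses a full Accept-Encoding field value. Returns nullopt on any grammar
// violation so the caller can drop the header rather than let the cache layer
// interpret it. Empty list elements ("gzip, , br") are tolerated per the #rule.
std::optional<std::vector<Coding>> parse_accept_encoding(std::string_view value) {
    std::vector<Coding> out;
    size_t start = 0;
    for (;;) {
        size_t comma = value.find(',', start);
        size_t len = (comma == std::string_view::npos) ? std::string_view::npos : comma - start;
        std::string_view elem = trim_ows(value.substr(start, len));
        if (!elem.empty()) {
            auto c = parse_element(elem);
            if (!c) return std::nullopt;
            out.push_back(*c);
        }
        if (comma == std::string_view::npos) break;
        start = comma + 1;
    }
    return out;
}

// Edge policy for the workaround (hypothetical, not an ATS API): a valid header is
// re-emitted in canonical form (lowercase, single separators, default weight
// omitted); an invalid one yields nullopt, meaning "remove the header".
std::optional<std::string> normalize_accept_encoding(std::string_view value) {
    auto parsed = parse_accept_encoding(value);
    if (!parsed) return std::nullopt;
    std::string out;
    for (const Coding& c : *parsed) {
        if (!out.empty()) out += ", ";
        out += c.name;
        if (c.q[0] != '1') out += ";q=" + c.q;  // 1, 1.0, 1.00, 1.000 are the default
    }
    return out;
}

int main() {
    // Constructed sample values: well-formed ones and malformed ones a client could send.
    const char* samples[] = {"gzip, deflate, br", "GZIP;q=1.0, identity; q=0.5, *;q=0",
                             "gzip;q=1.5", "gz ip", "gzip;level=9", "gzip;q=0.1234"};
    for (const char* s : samples) {
        auto n = normalize_accept_encoding(s);
        std::printf("%-40s -> %s\n", s, n ? n->c_str() : "<invalid: header stripped>");
    }
    return 0;
}
```

How this is wired into a deployment (a header-rewrite rule in front of ATS, or a plugin) depends on the site; the design point is that the cache lookup only ever sees values that normalize cleanly, and a request whose header is stripped is treated as accepting the identity encoding rather than being forwarded with a value ATS cannot interpret.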