DSA-5758-1 Traffic Server Security Update Alert

Introduction

Apache Traffic Server, widely used as both a reverse and forward proxy server, has recently been the focus of security concerns following the discovery of several severe vulnerabilities. These issues could allow attackers to cause denial of service (DoS) or carry out request smuggling. This article gives an overview of the vulnerabilities covered by advisory DSA-5758-1 and recommends measures to mitigate them.

Understanding the Vulnerabilities

The recent vulnerabilities affecting Apache Traffic Server are described as follows:

  • CVE-2023-38522: Apache Traffic Server accepts characters that are not allowed in HTTP field names and forwards the resulting malformed requests to origin servers. This can be used for request smuggling, and may also lead to cache poisoning if the origin servers are vulnerable. Versions from 8.0.0 to 8.1.10 and from 9.0.0 to 9.2.4 are affected.
  • CVE-2024-35161: Apache Traffic Server forwards malformed HTTP chunked trailer sections to origin servers, which can also be used for request smuggling. This may lead to cache poisoning if the origin servers are vulnerable. It likewise affects versions from 8.0.0 through 8.1.10 and from 9.0.0 through 9.2.4.
  • CVE-2024-35296: An invalid Accept-Encoding header can cause Apache Traffic Server to fail at cache lookup, so that requests which should be served from the cache are forwarded instead. This affects the same range of versions as the vulnerabilities above.

Recommended Actions

Users of Apache Traffic Server should act immediately to prevent potential exploitation:

  • Upgrading Apache Traffic Server: Upgrade to 8.1.11 or 9.2.5, the latest versions, which address these security vulnerabilities.
  • Configuration Changes: Use the new setting proxy.config.http.drop_chunked_trailers to stop malformed chunked trailer sections from being forwarded.
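
A small audit for the two actions above, added here as an example and not taken from the advisory or the Traffic Server project. It checks a version string against the affected ranges listed earlier and looks for the new setting in records.config text. Assumptions: the `CONFIG <name> INT <value>` line syntax, a value of 1 meaning trailers are dropped, and a later line overriding an earlier one; the function names and the sample config are constructed.

```python
import re

# Affected upstream ranges as listed in this article (inclusive bounds).
AFFECTED = [((8, 0, 0), (8, 1, 10)), ((9, 0, 0), (9, 2, 4))]
SETTING = "proxy.config.http.drop_chunked_trailers"

# Constructed sample: the setting is present but commented out.
SAMPLE_CONFIG = """\
CONFIG proxy.config.http.cache.http INT 1
# CONFIG proxy.config.http.drop_chunked_trailers INT 1
"""


def parse_version(text):
    """Extract the leading major.minor.patch triple, ignoring packaging suffixes."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version_text):
    """True if the version falls inside one of the affected ranges."""
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)


def drop_trailers_enabled(records_config):
    """True only if the last uncommented line for SETTING is 'INT 1'.

    Assumption: when the setting appears more than once, the later line wins.
    """
    enabled = False
    for line in records_config.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) == 4 and fields[0] == "CONFIG" and fields[1] == SETTING:
            enabled = fields[2] == "INT" and fields[3] == "1"
    return enabled


def audit(version_text, records_config):
    """Return a list of findings; an empty list means both actions are done."""
    findings = []
    if is_affected(version_text):
        findings.append("upgrade: version is in an affected range")
    if not drop_trailers_enabled(records_config):
        findings.append(f"config: {SETTING} is not set to 1")
    return findings


if __name__ == "__main__":
    for ver in ("8.1.10", "9.2.4", "9.2.5"):
        print(ver, audit(ver, SAMPLE_CONFIG))
```

The setting is described above as new, so the configuration finding is only meaningful once the upgrade finding has been cleared.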

Why Updates are Crucial

Staying current with updates is not merely a matter of maintaining software efficiency — it is crucial for security. Updates can prevent not only service disruptions but also security breaches that could lead to significant information or financial losses.
