CVE-2024-53868
Apache Traffic Server: Malformed chunked message body allows request smugglingApache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue.
We have discovered 350 live websites that are affected by CVE-2024-53868.
Affected Software
| Product |  ATS |
| Category | Web Servers |
| Vulnerable Domains | 350 live websites (31% of ATS install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 8 versions ( 30% of all versions) |
Common Weakness Enumeration
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')Details
- Published - Apr 3, 2025
- Updated - Apr 18, 2025
Credits
- Jeppe Bonde Weikop (reporter)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-53868 United States | 47 websites |
 China | 124 websites |
 Germany | 109 websites |
 GB | 35 websites |
 Isle of Man | 8 websites |
 France | 7 websites |
 Italy | 7 websites |
 Canada | 4 websites |
 Japan | 2 websites |
 Russia | 2 websites |
Website Distribution by TLD
Number of websites using CVE-2024-53868| .com.cn | 88 websites |
| .com | 72 websites |
| .cn | 22 websites |
| .org | 20 websites |
| .org.uk | 11 websites |
| .it | 11 websites |
| .net | 8 websites |
| .pl | 3 websites |
| .ru | 3 websites |
| .ca | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-53868
Top websites that are affected by CVE-2024-53868. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.************.net | United States | **,*** | |
| ****.******.jp | Japan | **,*** | |
| *********.******.***.cn | China | **,*** | |
| ******.***.cn | China | ***,*** | |
| *****.******.***.cn | China | ***,*** | |
| ***.***.**.uk | GB | ***,*** | |
| ****.******.***.cn | China | ***,*** | |
| *****.****.******.community | Germany | ***,*** | |
| *****.****.******.community | Germany | ***,*** | |
| *****.****.******.community | Germany | ***,*** |
FAQ
CVE-2024-53868 is Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in ATS
A total of 350 websites have been identified as vulnerable to CVE-2024-53868, based on global website indexing conducted by WebTechSurvey.
The ATS is affected by the CVE-2024-53868 vulnerability.
ATS versions up to and including 10.0.4 are vulnerable to CVE-2024-53868.