=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN205

_____________________________________________________________________

DATE                : 04/04/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running ATS versions prior to 9.2.10, 10.0.5.

=====================================================================
https://lists.apache.org/thread/1rf85v1ckn3smz1fhy8kbvc5g21fwtkt
_____________________________________________________________________

[ANNOUNCE] ATS is vulnerable to request smuggling via chunked messages

Description:
ATS is vulnerable to request smuggling via chunked messages

CVE:
CVE-2024-53868 - Chunked message body allows request smuggling


Reported By:
Jeppe Bonde Weikop (CVE-2024-53868)


Vendor:
The Apache Software Foundation

Version Affected:
ATS 9.0.0 to 9.2.9
ATS 10.0.0 to 10.0.4


Mitigation:
9.x users should upgrade to 9.2.10 or later versions
10.x users should upgrade to 10.0.5 or later versions


CVE:
https://www.cve.org/CVERecord?id=CVE-2024-53868



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
