7.5
CVE-2025-58136
- EPSS 0.67%
- Veröffentlicht 02.04.2026 15:54:47
- Zuletzt bearbeitet 06.04.2026 16:06:11
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Traffic Server: A simple legitimate POST request causes a crash
A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Traffic Server Version >= 9.0.0 < 9.2.13
Apache ≫ Traffic Server Version >= 10.0.0 < 10.1.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.472 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-670 Always-Incorrect Control Flow Implementation
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q