Rewterz

April 6, 2026

Apache Traffic Server Bugs Enable DoS Attacks

Severity

High

Analysis Summary

The Apache Software Foundation has issued urgent security updates to address two critical vulnerabilities in Apache Traffic Server, a high-performance proxy caching solution widely used in enterprise environments to manage and optimize large volumes of web traffic. These vulnerabilities originate from improper handling of HTTP requests with message bodies, exposing affected systems to serious risks, including Denial-of-Service (DoS) conditions and advanced HTTP request smuggling attacks.

The first and most severe flaw, tracked as CVE-2025-58136, allows attackers to crash the ATS application using a simple and legitimate HTTP POST request. Because POST requests are part of normal web traffic, the flaw can be triggered remotely without any complex technique. Successful exploitation results in an immediate DoS condition, taking down the proxy server and disrupting access for all users dependent on the affected infrastructure.

The second vulnerability, identified as CVE-2025-65114, involves improper processing of malformed chunked message bodies. This flaw enables HTTP request smuggling attacks, where attackers manipulate how multiple HTTP requests are interpreted by servers. By exploiting this, threat actors can bypass security controls, poison web caches, and potentially gain unauthorized access to sensitive data on backend systems, making it a highly dangerous and stealthy attack vector.

These vulnerabilities impact multiple versions of Apache Traffic Server, specifically versions 9.0.0 through 9.2.12 and 10.0.0 through 10.1.1. The Apache Software Foundation strongly advises administrators to upgrade immediately to secure versions 9.1.13+ for the 9.x branch and 10.1.2+ for the 10.x branch. While a temporary mitigation exists for the DoS issue by ensuring the proxy.config.http.request_buffer_enabled parameter is set to 0 (which is already the default), there is no workaround for the request smuggling vulnerability. Therefore, applying the latest updates is the only complete and effective solution to protect systems from these threats.

Impact

  • Sensitive Data Theft
  • Denial of Service
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-58136

  • CVE-2025-65114

Remediation

  • Immediately upgrade Apache Traffic Server to secure versions (9.1.13+ for 9.x branch and 10.1.2+ for 10.x branch).
  • Prioritize patching systems vulnerable to CVE-2025-58136 and CVE-2025-65114.
  • Verify that proxy.config.http.request_buffer_enabled is set to 0 to mitigate potential DoS crashes.
  • Apply strict input validation and filtering on incoming HTTP requests, especially POST requests and chunked message bodies.
  • Deploy Web Application Firewall (WAF) rules to detect and block malformed or suspicious HTTP requests.
  • Monitor server logs and network traffic for unusual patterns indicating DoS attempts or request smuggling activity.
  • Restrict direct external access to ATS servers and place them behind secure network layers where possible.
  • Implement rate limiting to reduce the risk of abuse through repeated malicious requests.
  • Conduct regular vulnerability scanning and patch management to ensure systems remain updated.
  • Establish incident response procedures to quickly detect, isolate, and recover from potential exploitation attempts.
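
The version and configuration checks from the remediation list can be scripted for an inventory sweep. The following is an added example, not code from Rewterz or the Apache project: it flags a version string inside the affected ranges stated above and reads the effective proxy.config.http.request_buffer_enabled value. It assumes the line-based records.config format (CONFIG name TYPE value); a YAML-format records file is not handled, and the function names and sample inputs are constructed for illustration.

```python
import re

# Affected ranges as stated in the advisory above (inclusive bounds).
AFFECTED = [((9, 0, 0), (9, 2, 12)), ((10, 0, 0), (10, 1, 1))]
KEY = "proxy.config.http.request_buffer_enabled"

def parse_version(text):
    """Extract the first x.y.z version from a string such as a version banner."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version_text):
    """True when the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def request_buffer_enabled(records_text):
    """Return the effective value of KEY from records.config text.
    An absent key means the default, which the advisory gives as 0.
    Assumption: the last uncommented occurrence is the effective one."""
    value = 0
    for line in records_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) == 4 and fields[0] == "CONFIG" and fields[1] == KEY:
            value = int(fields[3])
    return value

def audit(version_text, records_text):
    """List findings; the version finding stands even when the buffer
    setting is 0, because the smuggling flaw has no workaround."""
    findings = []
    if is_affected(version_text):
        findings.append("version in affected range: upgrade required")
    if request_buffer_enabled(records_text) != 0:
        findings.append(f"{KEY} is not 0: DoS mitigation not in place")
    return findings

# Constructed sample inputs, not taken from a real host.
SAMPLE_BANNER = "Apache Traffic Server 9.2.5"
SAMPLE_RECORDS = """\
# CONFIG proxy.config.http.request_buffer_enabled INT 0
CONFIG proxy.config.http.server_ports STRING 8080
CONFIG proxy.config.http.request_buffer_enabled INT 1
"""
```

Calling audit(SAMPLE_BANNER, SAMPLE_RECORDS) returns both findings for the constructed host; an empty list means neither check fired.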