ByteOS Network

CVE Vulnerability Details :

CVE-2025-58136

PUBLISHED

More Info Official Page

Assigner-apache

Assigner Org ID-f0158376-9dc2-43b6-827c-5f631a4d8d09

Published At-02 Apr, 2026 | 15:54

Updated At-02 Apr, 2026 | 18:13

▼CVE Numbering Authority (CNA)

Apache Traffic Server: A simple legitimate POST request causes a crash

A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0.0 through 10.1.1, from 9.0.0 through 9.2.12. Users are recommended to upgrade to version 10.1.2 or 9.2.13, which fix the issue. A workaround for older versions is to set proxy.config.http.request_buffer_enabled to 0 (the default value is 0).

Affected Products

Vendor

The Apache Software Foundation

Product

Apache Traffic Server

Default Status

unaffected

Versions

Affected

From 10.0.0 through 10.1.1 (semver)
From 9.0.0 through 9.2.12 (semver)

Problem Types

Type	CWE ID	Description
CWE	CWE-670	CWE-670 Always-Incorrect Control Flow Implementation

Type: CWE

CWE ID: CWE-670

Description: CWE-670 Always-Incorrect Control Flow Implementation

Metrics Other Info

Textual description of severity

text:

moderate

References

Hyperlink	Resource
https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q	vendor-advisory

Hyperlink: https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References