CVE-2024-38479

🗓️ 14 Nov 2024 09:52:14Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 71 Views

Improper Input Validation vulnerability in Apache Traffic Server version 8.0.0 through 8.1.11, 9.0.0 through 9.2.5. Upgrade to version 9.2.6 or 10.0.2

Reporter	Title	Published	Views	Family All 38
AlpineLinux	CVE-2024-38479	14 Nov 202409:52	–	alpinelinux
BDU FSTEC	The vulnerability of the Cache Key Manipulation Plugin for the Apache Traffic Server allows a attacker to execute a cache poisoning attack.	9 Dec 202400:00	–	bdu_fstec
Circl	CVE-2024-38479	14 Nov 202411:38	–	circl
CNNVD	Apache Traffic Server 输入验证错误漏洞	14 Nov 202400:00	–	cnnvd
CNVD	Apache Traffic Server Input Validation Error Vulnerability (CNVD-2024-46272)	21 Nov 202400:00	–	cnvd
Cvelist	CVE-2024-38479 Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack	14 Nov 202409:52	–	cvelist
Debian	[SECURITY] [DLA 4055-1] trafficserver security update	16 Feb 202501:08	–	debian
Debian	[SECURITY] [DSA 5896-1] trafficserver security update	5 Apr 202513:15	–	debian
Debian CVE	CVE-2024-38479	14 Nov 202409:52	–	debiancve
Tenable Nessus	Debian dla-4055 : trafficserver - security update	16 Feb 202500:00	–	nessus

NVD

Vulners

Vulnrichment

Node

apache traffic_serverRange8.0.0–8.1.11

apache traffic_serverRange9.0.0–9.2.6-

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Traffic Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "8.1.11",
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.2.5",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y
lists	www.lists.debian.org/debian-lts-announce/2025/02/msg00018.html

03 Nov 2025 21:16Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

EPSS0.00688

SSVC

CWE-20