CVE-2024-35296

Source: NVD (web.nvd.nist.gov), NVD:CVE-2024-35296
History: Jul 26, 2024 - 10:15 a.m. (2024-07-26 10:15:02)
CWE: CWE-20
Tags: cve-2024-35296, apache traffic server, cache lookup, forwarding requests, upgrade restriction
CVSS3

Base score: 8.2
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS

Score: 0.001
Percentile: 27.1%

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Affected configurations

Nvd
Node
apache traffic_server, Range: 8.0.0 to 8.1.11
OR
apache traffic_server, Range: 9.0.0 to 9.2.5

Vendor | Product | Version | CPE
apache | traffic_server | * | cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
