vulnrichment / Apache / VULNRICHMENT:CVE-2024-35296
Jul 26, 2024 - 9:11 a.m.

CVE-2024-35296 Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests

2024-07-26 09:11:11
CWE-20
apache
github.com
5
cve-2024-35296
apache traffic server
accept-encoding
cache lookup
request forwarding
upgrade

AI Score: 7.2
Confidence: High

EPSS: 0.001
Percentile: 27.1%

SSVC
Exploitation: none
Automatable: no
Technical Impact: partial

An invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding of requests.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

CNA Affected

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache Traffic Server",
    "versions": [
      {
        "status": "affected",
        "version": "8.0.0",
        "versionType": "semver",
        "lessThanOrEqual": "8.1.10"
      },
      {
        "status": "affected",
        "version": "9.0.0",
        "versionType": "semver",
        "lessThanOrEqual": "9.2.4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
