PT-2024-9207 · Apache+1 · Apache Traffic Server+1

Jeffrey Bencteux · Published 2024-11-12 · Updated 2026-01-23 · CVE-2024-50306

CVSS v2.0: 9.4 Critical
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Apache Traffic Server versions 9.2.0 through 9.2.5
Apache Traffic Server versions 10.0.0 through 10.0.1
Description: The issue is related to an unchecked return value that can allow Apache Traffic Server to retain privileges on startup. This can be exploited by a remote attacker to elevate their privileges. Users are recommended to upgrade to a fixed version.
Recommendations: For Apache Traffic Server versions 9.2.0 through 9.2.5, upgrade to version 9.2.6. For Apache Traffic Server versions 10.0.0 through 10.0.1, upgrade to version 10.0.2.
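The weakness class described above, shown as an added example that is not Apache Traffic Server code: a startup privilege drop that ignores return values beside one that checks each call and verifies the result. The entry does not name the unchecked call, so the setgroups/setgid/setuid sequence, the `priv_ops` table and the stub functions are assumptions made for illustration.

```c
/* Added example, not Apache Traffic Server source: a privilege drop with
   and without return-value checks. All names here are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>

/* Calls go through a table so a failure can be simulated; in a real daemon
   the entries would be setgroups, setgid, setuid, geteuid and getegid. */
struct priv_ops {
    int (*set_groups)(size_t, const gid_t *);
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
    uid_t (*get_euid)(void);
    gid_t (*get_egid)(void);
};

/* Weak form: results ignored, so a failed call leaves the old ids in place. */
int drop_unchecked(const struct priv_ops *o, uid_t uid, gid_t gid)
{
    o->set_groups(0, NULL);
    o->set_gid(gid);
    o->set_uid(uid);
    return 0; /* reports success whatever happened */
}

/* Hardened form: check every call, then verify the ids actually changed. */
int drop_checked(const struct priv_ops *o, uid_t uid, gid_t gid)
{
    if (o->set_groups(0, NULL) != 0) return -1; /* supplementary groups first */
    if (o->set_gid(gid) != 0) return -1;        /* group before user */
    if (o->set_uid(uid) != 0) return -1;        /* can fail, e.g. EAGAIN */
    if (o->get_euid() != uid || o->get_egid() != gid) return -1;
    return 0;
}

/* Constructed stubs: a process that starts with uid 0 / gid 0. */
static uid_t sim_uid;
static gid_t sim_gid;
static int ok_groups(size_t n, const gid_t *g) { (void)n; (void)g; return 0; }
static int ok_gid(gid_t g) { sim_gid = g; return 0; }
static int ok_uid(uid_t u) { sim_uid = u; return 0; }
static int fail_uid(uid_t u) { (void)u; errno = EAGAIN; return -1; }
static uid_t cur_uid(void) { return sim_uid; }
static gid_t cur_gid(void) { return sim_gid; }

const struct priv_ops ops_ok = { ok_groups, ok_gid, ok_uid, cur_uid, cur_gid };
const struct priv_ops ops_fail = { ok_groups, ok_gid, fail_uid, cur_uid, cur_gid };
void sim_reset(void) { sim_uid = 0; sim_gid = 0; }
uid_t sim_euid(void) { return sim_uid; }
```

A caller of the checked form should abort startup when it returns -1 rather than continue serving traffic.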

Fix

Unchecked Return Value

Weakness Enumeration

Related Identifiers

BDU:2024-10895
CVE-2024-50306
DLA-4055-1
DSA-5896-1
OESA-2024-2470
OESA-2026-1197

Affected Products

Apache Traffic Server
Debian