PT-2024-9209 · Apache+1 · Apache Traffic Server+1

Bryan Call · Published 2024-11-12 · Updated 2026-01-09 · CVE-2024-38479

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 8.0.0 through 8.1.11; Apache Traffic Server versions 9.0.0 through 9.2.5
Description: The issue is caused by improper input validation: input data is insufficiently checked, which can allow a remote attacker to carry out a cache poisoning attack.
Recommendations: For versions 8.0.0 through 8.1.11 and for versions 9.0.0 through 9.2.5, upgrade to version 9.2.6 or 10.0.2 to fix the issue.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2024-10897
CVE-2024-38479
DLA-4055-1
DSA-5896-1
OESA-2024-2470
OESA-2026-1019

Affected Products

Apache Traffic Server
Debian