PT-2025-9863 · Apache+1 · Apache Traffic Server+1

Ben Kallus · Published 2025-03-05 · Updated 2025-04-05 · CVE-2024-38311

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache Traffic Server versions 8.0.0 through 8.1.11
Apache Traffic Server versions 9.0.0 through 9.2.8
Apache Traffic Server versions 10.0.0 through 10.0.3

Description

The issue is related to Improper Input Validation. Users are advised to upgrade to resolve the issue.

Recommendations

Upgrade to version 9.2.9 or 10.0.4 to fix the issue.

Fix

RCE

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

BDU:2025-02430
CVE-2024-38311
DSA-5896-1
OESA-2025-1289
OESA-2025-1290

Affected Products

Apache Traffic Server
Debian