7.5
CVE-2024-31309
- EPSS 10.85%
- Veröffentlicht 10.04.2024 12:15:09
- Zuletzt bearbeitet 04.11.2025 19:17:08
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Traffic Server: HTTP/2 CONTINUATION frames can be utilized for DoS attack
HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ Traffic Server Version >= 8.0.0 < 8.1.10
Apache ≫ Traffic Server Version >= 9.0.0 < 9.2.4
Debian ≫ Debian Linux Version10.0
Fedoraproject ≫ Fedora Version38
Fedoraproject ≫ Fedora Version39
Fedoraproject ≫ Fedora Version40
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.85% | 0.934 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.