CVE-2024-35296

EPSS 0.12%
Veröffentlicht 26.07.2024 10:15:02
Zuletzt bearbeitet 03.11.2025 22:16:56
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Traffic Server Version >= 8.0.0 < 8.1.11

Apache ≫ Traffic Server Version >= 9.0.0 < 9.2.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.322

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

Vendor Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html

https://nvd.nist.gov/vuln/detail/CVE-2024-35296

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35296

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35296

EUVD