CVE-2024-35296

EPSS 0.16%
Published 26.07.2024 10:15:02
Last modified 27.03.2025 16:15:23
Source security@apache.org
Teams watchlist Login
Open Login

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Traffic Server Version >= 8.0.0 < 8.1.11

Apache ≫ Traffic Server Version >= 9.0.0 < 9.2.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.377

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-35296

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35296

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35296

EUVD