CVE-2024-35296

EPSS 0.16%
Veröffentlicht 26.07.2024 10:15:02
Zuletzt bearbeitet 27.03.2025 16:15:23
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Traffic Server Version >= 8.0.0 < 8.1.11

Apache ≫ Traffic Server Version >= 9.0.0 < 9.2.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.377

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-35296

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35296

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35296

EUVD