Apache Traffic Server Vulnerability Affects Cache Lookup and Forwarding Requests
CVE-2024-35296

8.2HIGH

Key Information:

Vendor: Apache
Status: Apache Traffic Server
Vendor: CVE Published:; 26 July 2024

What is CVE-2024-35296?

A vulnerability exists in Apache Traffic Server that arises from an invalid Accept-Encoding header, causing disruptions in cache lookup processes. This flaw can result in forced request forwarding, which may inadvertently expose systems to operational inefficiencies or security risks. It affects multiple versions of Apache Traffic Server, specifically from 8.0.0 through 8.1.10 and from 9.0.0 through 9.2.4. To mitigate potential impacts, users are strongly advised to update to versions 8.1.11 or 9.2.5, which contain the necessary patches to address this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Traffic Server 8.0.0 <= 8.1.10

Apache Traffic Server 9.0.0 <= 9.2.4

References

https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543g...

vendor-advisory

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 26, 2024
Vulnerability Reserved
May 15, 2024

Credit

Min Chen

JSON

Apache

What is CVE-2024-35296?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.