Apache Traffic Server Vulnerability Affects Cache Lookup and Forwarding Requests
CVE-2024-35296
8.2HIGH
Summary
Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.
This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.
Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.
Affected Version(s)
Apache Traffic Server <= 8.1.10
Apache Traffic Server <= 9.2.4
References
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database
Credit
Min Chen