Apache Traffic Server Vulnerability Affects Cache Lookup and Forwarding Requests

CVE-2024-35296

8.2HIGH

Key Information

Vendor
Apache
Status
Apache Traffic Server
Vendor
CVE Published:
26 July 2024

Summary

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4.

Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Affected Version(s)

Apache Traffic Server <= 8.1.10

Apache Traffic Server <= 9.2.4

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database

Credit

Min Chen
.