Apache Traffic Server Crash: Update to 9.2.6 or 10.0.2 to Avoid Issues
CVE-2024-50305

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Traffic Server
Vendor: CVE Published:; 14 November 2024

Summary

Valid Host header field can cause Apache Traffic Server to crash on some platforms.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5.

Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

Affected Version(s)

Apache Traffic Server 9.2.0 <= 9.2.5

References

https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh...

vendor-advisory

Timeline

Vulnerability published
Nov 14, 2024
Vulnerability Reserved
Oct 21, 2024

.