CVE-2024-35296

HIGH

Apache Traffic Server < 8.1.11 - Improper Input Validation

Title source: rule

Description

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

References (2)

Scores

CVSS v3 8.2
EPSS 0.0012
EPSS Percentile 31.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Classification

CWE
CWE-20
Status published

Affected Products (1)

apache/traffic_server < 8.1.11

Timeline

Published Jul 26, 2024
Tracked Since Feb 18, 2026