CVE-2024-38479

HIGH

Apache Traffic Server <9.2.11 - Info Disclosure

Title source: llm

Description

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

References (2)

[Mailing List, Vendor Advisory] https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/02/msg00018.html

Scores

CVSS v3 7.5

EPSS 0.0057

EPSS Percentile 68.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-20

Status published

Affected Products (2)

apache/traffic_server < 8.1.11

apache/traffic_server < 9.2.6

Timeline

Published Nov 14, 2024

Tracked Since Feb 18, 2026