CVE-2024-50305

HIGH

Apache Traffic Server < 9.2.6 - Improper Input Validation

Title source: rule

Description

Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

References (1)

Scores

CVSS v3 7.5
EPSS 0.0032
EPSS Percentile 54.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-20 CWE-120
Status published

Affected Products (1)

apache/traffic_server < 9.2.6

Timeline

Published Nov 14, 2024
Tracked Since Feb 18, 2026