CVE-2024-38311

CWE-20 — Improper Input Validation5 documents5 sources

Severity

6.3MEDIUM

EPSS

0.3%

top 49.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Traffic Server Apache Software Foundation Apache Traffic Server

Timeline

PublishedMar 6

Description

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages3 packages

▶NVDapache/traffic_server9.0.0 — 9.2.9+1

▶CVEListV5apache_software_foundation/apache_traffic_server8.0.0 — 8.1.11+2

▶Debiantrafficserver< 9.2.5+ds-0+deb12u2

🔴Vulnerability Details

OSV

CVE-2024-38311: Improper Input Validation vulnerability in Apache Traffic Server↗2025-03-06

▶

CVEList

Apache Traffic Server: Request smuggling via pipelining after a chunked message body↗2025-03-06

▶

GHSA

GHSA-53v8-xp2g-qpcw: Improper Input Validation vulnerability in Apache Traffic Server↗2025-03-06

▶

📋Vendor Advisories

Debian

CVE-2024-38311: trafficserver - Improper Input Validation vulnerability in Apache Traffic Server. This issue af...↗2024

▶