CVE-2024-56202

CWE-4405 documents5 sources

Severity

4.3MEDIUM

EPSS

0.2%

top 62.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Traffic Server Apache Software Foundation Apache Traffic Server

Timeline

PublishedMar 6

Description

Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDapache/traffic_server9.0.0 — 9.2.9+1

▶CVEListV5apache_software_foundation/apache_traffic_server9.0.0 — 9.2.8+1

▶Debiantrafficserver< 9.2.5+ds-0+deb12u2

🔴Vulnerability Details

CVEList

Apache Traffic Server: Expect header field can unreasonably retain resource↗2025-03-06

▶

GHSA

GHSA-mp92-g2h5-gx86: Expected Behavior Violation vulnerability in Apache Traffic Server↗2025-03-06

▶

OSV

CVE-2024-56202: Expected Behavior Violation vulnerability in Apache Traffic Server↗2025-03-06

▶

📋Vendor Advisories

Debian

CVE-2024-56202: trafficserver - Expected Behavior Violation vulnerability in Apache Traffic Server. This issue ...↗2024

▶