CVE-2024-38479

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y

Configurations

No configuration.

History

14 Nov 2024, 19:35

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
Summary		(es) Vulnerabilidad de validación de entrada incorrecta en Apache Traffic Server. Este problema afecta a Apache Traffic Server: desde la versión 8.0.0 hasta la 8.1.11, desde la versión 9.0.0 hasta la 9.2.5. Se recomienda a los usuarios que actualicen a la versión 9.2.6, que soluciona el problema, o a la versión 10.0.2, que no lo tiene.

14 Nov 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-14 10:15

Updated : 2024-11-15 13:58

NVD link : CVE-2024-38479

Mitre link : CVE-2024-38479

CVE.ORG link : CVE-2024-38479

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

7.5 /10