CVE-2024-38479

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:traffic_server::::::::
	cpe:2.3:a:apache:traffic_server::-::::::*

History

03 Jun 2025, 21:21

Type	Values Removed	Values Added
References	~~() https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y -~~	() https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y - Mailing List, Vendor Advisory
CPE		cpe:2.3:a:apache:traffic_server::-::::::* cpe:2.3:a:apache:traffic_server::::::::
First Time		Apache traffic Server Apache
CWE		NVD-CWE-noinfo

Information

Published : 2024-11-14 10:15

Updated : 2025-06-03 21:21

NVD link : CVE-2024-38479

Mitre link : CVE-2024-38479

CVE.ORG link : CVE-2024-38479

JSON object : View

Products Affected

apache

traffic_server

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2024-38479", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-14T10:15:05.347", "references": [{"url": "https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5.\n\nUsers are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue."}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Traffic Server. Este problema afecta a Apache Traffic Server: desde la versi\u00f3n 8.0.0 hasta la 8.1.11, desde la versi\u00f3n 9.0.0 hasta la 9.2.5. Se recomienda a los usuarios que actualicen a la versi\u00f3n 9.2.6, que soluciona el problema, o a la versi\u00f3n 10.0.2, que no lo tiene."}], "lastModified": "2025-06-03T21:21:32.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72142E65-70B2-4286-8493-CCB14C0DF898", "versionEndIncluding": "8.1.11", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:apache:traffic_server:*:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BC975AD-BDA9-4FE0-AAB0-7529EED6B114", "versionEndExcluding": "9.2.6", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}