CVE-2024-35296

Published: Jul 26, 2024Modified: Nov 3, 2025

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Exploitability: 3.9 / Impact: 4.2

Source: NVD

Description

Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue.

Affected (2)

Products: Apache: Traffic Server

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Traffic Server	From 8.0.0 to 8.1.11
Apache Traffic Server	From 9.0.0 to 9.2.5

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (3)

https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

Source: security@apache.org

Mailing ListVendor Advisory

https://lists.apache.org/thread/c4mcmpblgl8kkmyt56t23543gp8v56m0

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListVendor Advisory

https://lists.debian.org/debian-lts-announce/2024/09/msg00040.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.