CVE-2024-38479

Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y	Mailing List Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/02/msg00018.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:traffic_server::::::::
	cpe:2.3:a:apache:traffic_server::-::::::*

History

03 Nov 2025, 21:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/02/msg00018.html -

Information

Published : 2024-11-14 10:15

Updated : 2025-11-03 21:16

NVD link : CVE-2024-38479

Mitre link : CVE-2024-38479

CVE.ORG link : CVE-2024-38479

JSON object : View

Products Affected

apache

traffic_server

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2024-38479", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-14T10:15:05.347", "references": [{"url": "https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y", "tags": ["Mailing List", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation vulnerability in Apache Traffic Server.\n\nThis issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5.\n\nUsers are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue."}, {"lang": "es", "value": "Vulnerabilidad de validaci\u00f3n de entrada incorrecta en Apache Traffic Server. Este problema afecta a Apache Traffic Server: desde la versi\u00f3n 8.0.0 hasta la 8.1.11, desde la versi\u00f3n 9.0.0 hasta la 9.2.5. Se recomienda a los usuarios que actualicen a la versi\u00f3n 9.2.6, que soluciona el problema, o a la versi\u00f3n 10.0.2, que no lo tiene."}], "lastModified": "2025-11-03T21:16:14.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72142E65-70B2-4286-8493-CCB14C0DF898", "versionEndIncluding": "8.1.11", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:apache:traffic_server:*:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BC975AD-BDA9-4FE0-AAB0-7529EED6B114", "versionEndExcluding": "9.2.6", "versionStartIncluding": "9.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}