CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53868 – Apache Traffic Server: Malformed chunked message body allows request smuggling
https://notcve.org/view.php?id=CVE-2024-53868
03 Apr 2025 — Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue. • https://lists.apache.org/thread/rwyx91rsrnmpjbm04footfjjf6m9d1c9 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38311 – Apache Traffic Server: Request smuggling via pipelining after a chunked message body
https://notcve.org/view.php?id=CVE-2024-38311
06 Mar 2025 — Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. • https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56195 – Apache Traffic Server: Intercept plugins are not access controlled
https://notcve.org/view.php?id=CVE-2024-56195
06 Mar 2025 — Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. • https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56196 – Apache Traffic Server: ACL is not fully compatible with older versions
https://notcve.org/view.php?id=CVE-2024-56196
06 Mar 2025 — Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes the issue. • https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56202 – Apache Traffic Server: Expect header field can unreasonably retain resource
https://notcve.org/view.php?id=CVE-2024-56202
06 Mar 2025 — Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue. • https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023 • CWE-440: Expected Behavior Violation •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50306 – Apache Traffic Server: Server process can fail to drop privilege
https://notcve.org/view.php?id=CVE-2024-50306
14 Nov 2024 — Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue. Un valor de retorno sin marcar puede permitir que Apache Traffic Server conserve privilegios al iniciarse. Este problema afecta a Apache Traffic Server: de la versión 9.2.0 a la 9.2.5 y de la versión 10.0.0 a la 10.0.1. • https://lists.apache.org/thread/y15fh6c7kyqvzm0f9odw7c5jh4r4np0y • CWE-252: Unchecked Return Value •