Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
History

Thu, 14 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache Software Foundation
Apache Software Foundation apache Traffic Server
Weaknesses CWE-120
CPEs cpe:2.3:a:apache_software_foundation:apache_traffic_server:*:*:*:*:*:*:*:*
Vendors & Products Apache Software Foundation
Apache Software Foundation apache Traffic Server
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 10:00:00 +0000

Type Values Removed Values Added
Description Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
Title Apache Traffic Server: Valid Host field value can cause crashes
Weaknesses CWE-20
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-11-14T09:54:20.652Z

Updated: 2024-11-14T18:15:38.823Z

Reserved: 2024-10-21T20:32:08.974Z

Link: CVE-2024-50305

cve-icon Vulnrichment

Updated: 2024-11-14T18:15:30.376Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-14T10:15:08.013

Modified: 2024-11-15T13:58:08.913

Link: CVE-2024-50305

cve-icon Redhat

No data.