Description:
Apache Traffic Server is vulnerable to specific user inputs

CVE:
CVE-2024-38479 - Cache key plugin is vulnerable to cache poisoning attack
CVE-2024-50305 - Valid Host field value can cause crashes
CVE-2024-50306 - Server process can fail to drop privilege

Reported By:
Bryan Call (CVE-2024-38479)
Masakazu Kitajo (CVE-2024-50305)
Jeffrey BENCTEUX (CVE-2024-50306)

Vendor:
The Apache Software Foundation

Version Affected:
ATS 9.0.0 to 9.2.5 (CVE-2024-38479, CVE-2024-50305, CVE-2024-50306)
ATS 10.0.0 to 10.0.1 (CVE-2024-50306)

Mitigation:
9.x users should upgrade to 9.2.6 or later versions
10.x users should upgrade to 10.0.2 or later versions

CVE:
https://www.cve.org/CVERecord?id=CVE-2024-38479
https://www.cve.org/CVERecord?id=CVE-2024-50305
https://www.cve.org/CVERecord?id=CVE-2024-50306