Valid Host header field can cause Apache Traffic Server to crash on some platforms.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5.

Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00886}

epss

{'score': 0.00682}


Wed, 04 Jun 2025 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache traffic Server
CPEs cpe:2.3:a:apache:traffic_server:*:-:*:*:*:*:*:*
Vendors & Products Apache
Apache traffic Server

Thu, 14 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache Software Foundation
Apache Software Foundation apache Traffic Server
Weaknesses CWE-120
CPEs cpe:2.3:a:apache_software_foundation:apache_traffic_server:*:*:*:*:*:*:*:*
Vendors & Products Apache Software Foundation
Apache Software Foundation apache Traffic Server
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Nov 2024 10:00:00 +0000

Type Values Removed Values Added
Description Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.
Title Apache Traffic Server: Valid Host field value can cause crashes
Weaknesses CWE-20
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-11-14T18:15:38.823Z

Reserved: 2024-10-21T20:32:08.974Z

Link: CVE-2024-50305

cve-icon Vulnrichment

Updated: 2024-11-14T18:15:30.376Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-14T10:15:08.013

Modified: 2025-06-04T16:15:49.817

Link: CVE-2024-50305

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.