The Apache Software Foundation has disclosed several vulnerabilities affecting its Traffic Server software.
These vulnerabilities allow malicious actors to exploit malformed requests and access control list (ACL) issues, posing serious security risks to users.
The vulnerabilities, identified by CVE numbers CVE-2024-38311, CVE-2024-56195, CVE-2024-56196, and CVE-2024-56202, have been reported by various researchers and affect multiple versions of the Apache Traffic Server.
The vulnerabilities affect Apache Traffic Server versions 9.0.0 through 9.2.8, as well as versions 10.0.0 to 10.0.3. Users are advised to upgrade their installations to mitigate these risks. Specifically:
These vulnerabilities underscore the importance of maintaining updated software to protect against emerging threats.
The Apache Software Foundation’s prompt disclosure and mitigation guidance offer users a clear path to securing their systems.
As the cybersecurity landscape continues to evolve, vigilance and proactive updates remain crucial for preventing exploitation by malicious actors.
Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.
A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt…
A threat actor known as #LongNight has reportedly put up for sale remote code execution…
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile…
Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular application…
The European Union has escalated its response to Russia’s ongoing campaign of hybrid threats, announcing…
Venice.ai has rapidly emerged as a disruptive force in the AI landscape, positioning itself as…