The Apache Software Foundation has disclosed several vulnerabilities affecting its Traffic Server software.
The flaws involve the handling of malformed requests and access control list (ACL) issues that malicious actors could exploit, posing serious security risks to users.
The vulnerabilities, tracked as CVE-2024-38311, CVE-2024-56195, CVE-2024-56196, and CVE-2024-56202, were reported by various researchers and affect multiple versions of Apache Traffic Server.
The vulnerabilities affect Apache Traffic Server versions 9.0.0 through 9.2.8, as well as versions 10.0.0 to 10.0.3. Users are advised to upgrade their installations to mitigate these risks. Specifically:
These vulnerabilities underscore the importance of maintaining updated software to protect against emerging threats.
The Apache Software Foundation’s prompt disclosure and mitigation guidance offer users a clear path to securing their systems.
As the cybersecurity landscape continues to evolve, vigilance and proactive updates remain crucial for preventing exploitation by malicious actors.