{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92604?format=json","vulnerability_id":"VCID-9rs4-uvph-3yh7","summary":"Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.","aliases":[{"alias":"CVE-2014-3624"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/941477?format=json","purl":"pkg:deb/debian/trafficserver@5.0.0-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@5.0.0-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/1037081?format=json","purl":"pkg:deb/debian/trafficserver@6.2.0-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41x7-hv4u-byb9"},{"vulnerability":"VCID-4men-293s-3bhn"},{"vulnerability":"VCID-4wwn-74ac-p7dp"},{"vulnerability":"VCID-568b-s8ks-vfa6"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-6bwv-cd3d-mudb"},{"vulnerability":"VCID-73aa-rk27-tye1"},{"vulnerability":"VCID-7nhc-5p2x-t3cj"},{"vulnerability":"VCID-8aev-nmwa-fkcg"},{"vulnerability":"VCID-931v-ukcc-6qaa"},{"vulnerability":"VCID-aqt5-2ffy-9bgs"},{"vulnerability":"VCID-au6q-ek7r-8bgr"},{"vulnerability":"VCID-b7zx-ywwc-57d9"},{"vulnerability":"VCID-bb5y-kjej-bbfm"},{"vulnerability":"VCID-bdgg-edbf-xfav"},{"vulnerability":"VCID-btm9-vxvc-3qhv"},{"vulnerability":"VCID-c5hc-3jtx-k3a6"},{"vulnerability":"VCID-c675-5njd-63hk"},{"vulnerability":"VCID-cbe5-hhz8-bqbn"},{"vulnerability":"VCID-cscf-sb71-jybq"},{"vulnerability":"VCID-esap-nkps-cfg9"},{"vulnerability":"VCID-fmwc-nmhh-ryaf"},{"vulnerability":"VCID-fq5y-b9yq-nbee"},{"vulnerability":"VCID-hbte-dsw2-y7ad"},{"vulnerability":"VCID-j6r7-ypa1-zybv"},{"vulnerability":"VCID-jabw-thzt-63bb"},{"vulnerability":"VCID-jb1b-9gr2-suez"},{"vulnerability":"VCID-jdjf-3w9k-xbaw"},{"vulnerability":"VCID-k2ks-3t6e-uqgu"},{"vulnerability":"VCID-m8p8-5n65-qyhy"},{"vulnerability":"VCID-msu4-5h99-2yaq"},{"vulnerability":"VCID-n66u-b73u-zucb"},{"vulnerability":"VCID-nbwy-fdv2-uydt"},{"vulnerability":"VCID-p5f7-uu6r-8bez"},{"vulnerability":"VCID-pxaf-6qxa-77h9"},{"vulnerability":"VCID-qwmj-ez4q-7qex"},{"vulnerability":"VCID-r86j-zujn-f7ez"},{"vulnerability":"VCID-rcdg-j23x-xfbn"},{"vulnerability":"VCID-rw58-bnwt-2bam"},{"vulnerability":"VCID-scpg-5hcj-5yd3"},{"vulnerability":"VCID-skrs-cynm-r7du"},{"vulnerability":"VCID-t559-a5u6-4ke1"},{"vulnerability":"VCID-u5qg-vszr-9ye2"},{"vulnerability":"VCID-ue7s-pn8b-vydz"},{"vulnerability":"VCID-uhqf-tsxe-ayc2"},{"vulnerability":"VCID-uhxq-9bzs-u3fd"},{"vulnerability":"VCID-uy1m-av2n-jybt"},{"vulnerability":"VCID-va7d-ktp2-m7et"},{"vulnerability":"VCID-w42s-4aps-y3c5"},{"vulnerability":"VCID-waer-as81-8fed"},{"vulnerability":"VCID-xh97-4sn5-vyfw"},{"vulnerability":"VCID-xwdc-hndy-yubc"},{"vulnerability":"VCID-xwru-y5m9-gucd"},{"vulnerability":"VCID-zmh1-wmct-uyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@6.2.0-1~bpo8%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/941472?format=json","purl":"pkg:deb/debian/trafficserver@8.1.10%2Bds-1~deb11u1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4738-xk8n-hbac"},{"vulnerability":"VCID-4hs3-be7k-9qe7"},{"vulnerability":"VCID-4uhe-mtbx-nfdu"},{"vulnerability":"VCID-5e1r-3jec-tkhp"},{"vulnerability":"VCID-c62p-6ghw-j3dv"},{"vulnerability":"VCID-eay7-63um-43e9"},{"vulnerability":"VCID-kjah-am9e-xkev"},{"vulnerability":"VCID-tevw-8dcp-yfh6"},{"vulnerability":"VCID-ww3t-p3pq-gkhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@8.1.10%252Bds-1~deb11u1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/941470?format=json","purl":"pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u3?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-0%252Bdeb12u3%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/941473?format=json","purl":"pkg:deb/debian/trafficserver@9.2.5%2Bds-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4738-xk8n-hbac"},{"vulnerability":"VCID-4hs3-be7k-9qe7"},{"vulnerability":"VCID-4uhe-mtbx-nfdu"},{"vulnerability":"VCID-5e1r-3jec-tkhp"},{"vulnerability":"VCID-c62p-6ghw-j3dv"},{"vulnerability":"VCID-eay7-63um-43e9"},{"vulnerability":"VCID-jabw-thzt-63bb"},{"vulnerability":"VCID-kjah-am9e-xkev"},{"vulnerability":"VCID-rcdg-j23x-xfbn"},{"vulnerability":"VCID-tevw-8dcp-yfh6"},{"vulnerability":"VCID-ww3t-p3pq-gkhy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@9.2.5%252Bds-1%3Fdistro=sid"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037080?format=json","purl":"pkg:deb/debian/trafficserver@3.0.5-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-41x7-hv4u-byb9"},{"vulnerability":"VCID-4js5-31yx-gkf1"},{"vulnerability":"VCID-4men-293s-3bhn"},{"vulnerability":"VCID-4wwn-74ac-p7dp"},{"vulnerability":"VCID-568b-s8ks-vfa6"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-6bwv-cd3d-mudb"},{"vulnerability":"VCID-73aa-rk27-tye1"},{"vulnerability":"VCID-7nhc-5p2x-t3cj"},{"vulnerability":"VCID-8aev-nmwa-fkcg"},{"vulnerability":"VCID-931v-ukcc-6qaa"},{"vulnerability":"VCID-9pd6-v7d1-9qem"},{"vulnerability":"VCID-9rs4-uvph-3yh7"},{"vulnerability":"VCID-aqt5-2ffy-9bgs"},{"vulnerability":"VCID-au6q-ek7r-8bgr"},{"vulnerability":"VCID-b7zx-ywwc-57d9"},{"vulnerability":"VCID-bb5y-kjej-bbfm"},{"vulnerability":"VCID-bdgg-edbf-xfav"},{"vulnerability":"VCID-btm9-vxvc-3qhv"},{"vulnerability":"VCID-c5hc-3jtx-k3a6"},{"vulnerability":"VCID-c675-5njd-63hk"},{"vulnerability":"VCID-cbe5-hhz8-bqbn"},{"vulnerability":"VCID-cscf-sb71-jybq"},{"vulnerability":"VCID-esap-nkps-cfg9"},{"vulnerability":"VCID-fmwc-nmhh-ryaf"},{"vulnerability":"VCID-fq5y-b9yq-nbee"},{"vulnerability":"VCID-hbte-dsw2-y7ad"},{"vulnerability":"VCID-j6r7-ypa1-zybv"},{"vulnerability":"VCID-jabw-thzt-63bb"},{"vulnerability":"VCID-jb1b-9gr2-suez"},{"vulnerability":"VCID-jdjf-3w9k-xbaw"},{"vulnerability":"VCID-k2ks-3t6e-uqgu"},{"vulnerability":"VCID-khz4-1uav-cqgg"},{"vulnerability":"VCID-m8p8-5n65-qyhy"},{"vulnerability":"VCID-msu4-5h99-2yaq"},{"vulnerability":"VCID-n66u-b73u-zucb"},{"vulnerability":"VCID-nbwy-fdv2-uydt"},{"vulnerability":"VCID-p5f7-uu6r-8bez"},{"vulnerability":"VCID-pxaf-6qxa-77h9"},{"vulnerability":"VCID-qwmj-ez4q-7qex"},{"vulnerability":"VCID-r86j-zujn-f7ez"},{"vulnerability":"VCID-rcdg-j23x-xfbn"},{"vulnerability":"VCID-rw58-bnwt-2bam"},{"vulnerability":"VCID-scpg-5hcj-5yd3"},{"vulnerability":"VCID-skrs-cynm-r7du"},{"vulnerability":"VCID-t559-a5u6-4ke1"},{"vulnerability":"VCID-u4tn-85je-n7gt"},{"vulnerability":"VCID-u5qg-vszr-9ye2"},{"vulnerability":"VCID-ue7s-pn8b-vydz"},{"vulnerability":"VCID-uhqf-tsxe-ayc2"},{"vulnerability":"VCID-uhxq-9bzs-u3fd"},{"vulnerability":"VCID-uvhz-uspt-7ygz"},{"vulnerability":"VCID-uy1m-av2n-jybt"},{"vulnerability":"VCID-va7d-ktp2-m7et"},{"vulnerability":"VCID-w42s-4aps-y3c5"},{"vulnerability":"VCID-waer-as81-8fed"},{"vulnerability":"VCID-xh97-4sn5-vyfw"},{"vulnerability":"VCID-xwdc-hndy-yubc"},{"vulnerability":"VCID-xwru-y5m9-gucd"},{"vulnerability":"VCID-zmh1-wmct-uyf7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/trafficserver@3.0.5-1"}],"references":[{"reference_url":"http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231749.2E3561043F%40minotaur.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"http://mail-archives.apache.org/mod_mbox/www-announce/201411.mbox/%3C20141101231749.2E3561043F%40minotaur.apache.org%3E"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3624","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59983","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59919","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59744","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59818","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59841","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59811","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59862","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59897","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59881","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59863","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59901","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59907","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59893","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.5987","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59831","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59878","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59936","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3624"},{"reference_url":"https://issues.apache.org/jira/browse/TS-2677","reference_id":"","reference_type":"","scores":[],"url":"https://issues.apache.org/jira/browse/TS-2677"},{"reference_url":"http://www.securityfocus.com/bid/101630","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101630"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:5.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:traffic_server:5.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:5.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3624","reference_id":"CVE-2014-3624","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3624"}],"weaknesses":[{"cwe_id":284,"name":"Improper Access Control","description":"The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor."}],"exploits":[],"severity_range_score":"7.5 - 9.8","exploitability":"0.5","weighted_severity":"8.8","risk_score":4.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9rs4-uvph-3yh7"}