Package details: pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u2
purl pkg:deb/debian/trafficserver@9.2.5%2Bds-0%2Bdeb12u2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (12)
Vulnerability Summary Aliases
VCID-4wv5-y778-cydd Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the issue. CVE-2024-53868
VCID-5x4y-yahm-hqaw Apache Traffic Server accepts characters that are not allowed for HTTP field names and forwards malformed requests to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. CVE-2023-38522
VCID-68w5-p8ud-eybj The ESI plugin does not have a limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin (--max-inclusion-depth) to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue. CVE-2025-49763
VCID-6mqf-nqvk-yyhn Apache Traffic Server forwards malformed HTTP chunked trailer section to origin servers. This can be utilized for request smuggling and may also lead to cache poisoning if the origin servers are vulnerable. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users can set a new setting (proxy.config.http.drop_chunked_trailers) not to forward chunked trailer section. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. CVE-2024-35161
VCID-76av-km9w-7fhk Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. CVE-2024-56195
VCID-9nex-8kjb-9kaz Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. CVE-2024-38311
VCID-ba1k-fjyk-jbet Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue. CVE-2024-56202
VCID-dn7e-xgnt-sbcm ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol. Users can use a new setting (proxy.config.acl.subjects) to choose which IP addresses to use for the ACL if Apache Traffic Server is configured to accept PROXY protocol. This issue affects undefined: from 10.0.0 through 10.0.6, from 9.0.0 through 9.2.10. Users are recommended to upgrade to version 9.2.11 or 10.0.6, which fixes the issue. CVE-2025-31698
VCID-sm56-1ey8-r3b3 Invalid Accept-Encoding header can cause Apache Traffic Server to fail cache lookup and force forwarding requests. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.10, from 9.0.0 through 9.2.4. Users are recommended to upgrade to version 8.1.11 or 9.2.5, which fixes the issue. CVE-2024-35296
VCID-suuy-3kv9-2kag Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. CVE-2024-50305
VCID-thb6-77ut-xuau Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. CVE-2024-38479
VCID-wxpd-r9sw-pqhx Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue. CVE-2024-50306

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T15:34:32.008251+00:00 Debian Oval Importer Fixing VCID-5x4y-yahm-hqaw https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:33:19.760080+00:00 Debian Oval Importer Fixing VCID-thb6-77ut-xuau https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:27:24.594811+00:00 Debian Oval Importer Fixing VCID-6mqf-nqvk-yyhn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:16:47.278723+00:00 Debian Oval Importer Fixing VCID-sm56-1ey8-r3b3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:21:35.640859+00:00 Debian Importer Fixing VCID-9nex-8kjb-9kaz https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T13:15:42.420637+00:00 Debian Importer Fixing VCID-68w5-p8ud-eybj https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:58:29.790044+00:00 Debian Importer Fixing VCID-suuy-3kv9-2kag https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:45:52.579428+00:00 Debian Importer Fixing VCID-4wv5-y778-cydd https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:43:01.595031+00:00 Debian Importer Fixing VCID-ba1k-fjyk-jbet https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:40:16.899771+00:00 Debian Importer Fixing VCID-76av-km9w-7fhk https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:21:35.622904+00:00 Debian Importer Fixing VCID-dn7e-xgnt-sbcm https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T11:48:39.256597+00:00 Debian Oval Importer Fixing VCID-wxpd-r9sw-pqhx https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0