VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-9nex-8kjb-9kaz

Vulnerability ID	VCID-9nex-8kjb-9kaz
Aliases	CVE-2024-38311
Summary	Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.
Status	Published
Exploitability	0.5
Weighted Severity	5.7
Risk	2.9
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-20

System	Score	Found at
epss	0.00193	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00193	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00214	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.0024	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
epss	0.00323	https://api.first.org/data/v1/epss?cve=CVE-2024-38311
cvssv3.1	6.3	https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
ssvc	Track	https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-38311
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38311
1099691		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099691
btofzws2yqskk2n7f01r3l1819x01023		https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
cpe:2.3:a:apache:traffic_server::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server::::::::
CVE-2024-38311		https://nvd.nist.gov/vuln/detail/CVE-2024-38311

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:35:26Z/ Found at https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:56:53.008273+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/38xxx/CVE-2024-38311.json	37.0.0