VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ba1k-fjyk-jbet

Vulnerability ID	VCID-ba1k-fjyk-jbet
Aliases	CVE-2024-56202
Summary	Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue.
Status	Published
Exploitability	0.5
Weighted Severity	3.9
Risk	1.9
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-440

System	Score	Found at
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00218	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00331	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00331	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00331	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
epss	0.00331	https://api.first.org/data/v1/epss?cve=CVE-2024-56202
cvssv3.1	4.3	https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
ssvc	Track	https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2024-56202
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56202
1099691		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099691
btofzws2yqskk2n7f01r3l1819x01023		https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023
cpe:2.3:a:apache:traffic_server::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server::::::::
CVE-2024-56202		https://nvd.nist.gov/vuln/detail/CVE-2024-56202

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:38:08Z/ Found at https://lists.apache.org/thread/btofzws2yqskk2n7f01r3l1819x01023

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:00:46.459005+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/56xxx/CVE-2024-56202.json	37.0.0