Vulnerability details: VCID-z1pr-vv51-gqae
Vulnerability ID VCID-z1pr-vv51-gqae
Aliases CVE-2024-31309
Summary An HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Versions from 8.0.0 through 8.1.9 and from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute. ATS does have a fixed amount of memory a request can use, and ATS adheres to these limits in previous releases. Users are recommended to upgrade to version 8.1.10 or 9.2.4, which fixes the issue.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31309.json
epss 0.02807 https://api.first.org/data/v1/epss?cve=CVE-2024-31309
cvssv3.1 7.5 https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc
ssvc Track https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html
ssvc Track https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2024/04/03/16
ssvc Track http://www.openwall.com/lists/oss-security/2024/04/03/16
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2024/04/10/7
ssvc Track http://www.openwall.com/lists/oss-security/2024/04/10/7
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31309.json
https://api.first.org/data/v1/epss?cve=CVE-2024-31309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31309
http://www.openwall.com/lists/oss-security/2024/04/03/16
1068417 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068417
2269627 https://bugzilla.redhat.com/show_bug.cgi?id=2269627
7 http://www.openwall.com/lists/oss-security/2024/04/10/7
cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
CVE-2024-31309 https://nvd.nist.gov/vuln/detail/CVE-2024-31309
f9qh3g3jvy153wh82pz4onrfj1wh13kc https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc
msg00021.html https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html
PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/
QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/
T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-31309.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T18:21:30Z/ Found at https://lists.apache.org/thread/f9qh3g3jvy153wh82pz4onrfj1wh13kc
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T18:21:30Z/ Found at https://lists.debian.org/debian-lts-announce/2024/04/msg00021.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T18:21:30Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBKLPQ6ECG4PGEPRCYI3Y3OITNDEFCCV/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T18:21:30Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QV77HYM7ARSTL3B6U3IFG7PHDU65WL4I/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T18:21:30Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3XON6RM5ZKCZ6K6NB7BOTAWMJQKXJDO/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/04/03/16
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T18:21:30Z/ Found at http://www.openwall.com/lists/oss-security/2024/04/03/16
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.openwall.com/lists/oss-security/2024/04/10/7
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-12T18:21:30Z/ Found at http://www.openwall.com/lists/oss-security/2024/04/10/7
Exploit Prediction Scoring System (EPSS)
Percentile 0.85569
EPSS Score 0.02807
Published At Aug. 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:00:52.659895+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.21/community.json 37.0.0