CVE-2024-56202

CVE-2024-56202: Apache Traffic Server: Expect header field can unreasonably retain resource

Vendor Apache Software Foundation

Product Apache Traffic Server

Weakness CWE-440

Published March 6, 2025

Last update March 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Expected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue.

Key dates

Disclosure timeline

March 6, 2025 CVE published

March 6, 2025 Record updated

Identifiers

CVE CVE-2024-56202

CWE CWE-440

Affected versions

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 9.0.0 and ≤ 9.2.8

Vendor Apache Software Foundation

Product Apache Traffic Server

Affected ≥ 10.0.0 and ≤ 10.0.3