CVE-2024-38311
Apache Traffic Server: Request smuggling via pipelining after a chunked message bodyImproper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.
We have discovered 400 live websites that are affected by CVE-2024-38311.
Affected Software
| Product |  ATS |
| Category | Web Servers |
| Vulnerable Domains | 400 live websites (36% of ATS install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 13 versions ( 48% of all versions) |
Common Weakness Enumeration
CWE-20 Improper Input ValidationDetails
- Published - Mar 6, 2025
- Updated - Mar 6, 2025
Credits
- Ben Kallus (reporter)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-38311 United States | 49 websites |
 Germany | 132 websites |
 China | 131 websites |
 GB | 35 websites |
 France | 10 websites |
 Isle of Man | 8 websites |
 Spain | 7 websites |
 Russia | 7 websites |
 Italy | 6 websites |
 Finland | 5 websites |
Website Distribution by TLD
Number of websites using CVE-2024-38311| .com.cn | 93 websites |
| .com | 82 websites |
| .org | 26 websites |
| .cn | 22 websites |
| .de | 13 websites |
| .ru | 11 websites |
| .org.uk | 11 websites |
| .it | 10 websites |
| .fi | 8 websites |
| .net | 6 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-38311
Top websites that are affected by CVE-2024-38311. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.************.net | United States | **,*** | |
| ****.******.jp |  Japan | **,*** | |
| ********.******.com | United States | **,*** | |
| ************.******.com | United States | **,*** | |
| ***.**********.de | Germany | **,*** | |
| *********.******.com | United States | **,*** | |
| *********.******.***.cn | China | **,*** | |
| ******.**********.de | Germany | ***,*** | |
| ******.***.cn | China | ***,*** | |
| *****.******.***.cn | China | ***,*** |
FAQ
CVE-2024-38311 is Improper Input Validation in ATS
A total of 400 websites have been identified as vulnerable to CVE-2024-38311, based on global website indexing conducted by WebTechSurvey.
The ATS is affected by the CVE-2024-38311 vulnerability.
ATS versions up to and including 10.0.3 are vulnerable to CVE-2024-38311.