CVE-2024-56195
Apache Traffic Server: Intercept plugins are not access controlledImproper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.
We have discovered 1,295 live websites that are affected by CVE-2024-56195.
Affected Software
| Product |  ATS |
| Category | Web Servers |
| Vulnerable Domains | 1,295 live websites (60.57% of ATS install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 11 versions ( 28.21% of all versions) |
Common Weakness Enumeration
CWE-284 Improper Access ControlDetails
- Published - Mar 6, 2025
- Updated - Mar 6, 2025
Credits
- Masaori Koshiba (reporter)
CWE
CVE References
CWE References
CVE-2024-56195 usage by Country
 United States | 1,046 websites |
 Germany | 153 websites |
 GB | 38 websites |
 Italy | 26 websites |
 Isle of Man | 7 websites |
 China | 3 websites |
 France | 3 websites |
 Canada | 2 websites |
 India | 2 websites |
 Netherlands | 2 websites |
CVE-2024-56195 usage by TLD
| .org | 882 websites |
| .com | 139 websites |
| .net | 55 websites |
| .it | 38 websites |
| .de | 24 websites |
| .org.uk | 11 websites |
| .edu | 10 websites |
| .co.uk | 3 websites |
| .ca | 2 websites |
| .com.br | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-56195
Top websites that are affected by CVE-2024-56195. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **.*********.org | United States | ** | |
| *******.com | United States | ** | |
| **.*********.org | United States | *** | |
| *******.*********.org | United States | *** | |
| **.*********.org | United States | *** | |
| *********.org | United States | *,*** | |
| *********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| ************.net | United States | *,*** |
FAQ
CVE-2024-56195 is Improper Access Control in ATS
A total of 1,295 websites have been identified as vulnerable to CVE-2024-56195, discovered through global website indexing conducted by WebTechSurvey.
ATS is susceptible to CVE-2024-56195 vulnerability.
ATS versions before, and including, 10.0.3 are vulnerable to CVE-2024-56195.