CVE-2024-56196
Apache Traffic Server: ACL is not fully compatible with older versionsImproper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 10.0.4, which fixes the issue.
We have discovered 64 live websites that are affected by CVE-2024-56196.
Affected Software
| Product |  ATS |
| Category | Web Servers |
| Vulnerable Domains | 64 live websites (2.99% of ATS install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 3 versions ( 7.69% of all versions) |
Common Weakness Enumeration
CWE-284 Improper Access ControlDetails
- Published - Mar 6, 2025
- Updated - Mar 6, 2025
Credits
- Chris McFarlen (reporter)
CWE
CVE References
CWE References
CVE-2024-56196 usage by Country
 United States | 44 websites |
 Isle of Man | 7 websites |
 China | 3 websites |
 Brazil | 1 websites |
 Chile | 1 websites |
 Germany | 1 websites |
 France | 1 websites |
 GB | 1 websites |
 Netherlands | 1 websites |
CVE-2024-56196 usage by TLD
| .net | 43 websites |
| .com | 16 websites |
| .org | 2 websites |
| .com.br | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-56196
Top websites that are affected by CVE-2024-56196. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.*************.******.org | United States | ***,*** | |
| ********.com | Isle of Man | ***,*** | |
| **.*************.******.org | United States | *,***,*** | |
| ***.********.com |  Turkey | *,***,*** | |
| *******************.****.*****.**************.net |  Singapore | *,***,*** | |
| ****.********.online | Germany | *,***,*** | |
| *********.****.*****.**************.net | United States | *,***,*** | |
| *************.****.*****.**************.net | United States | *,***,*** | |
| *******************.****.*****.**************.net | United States | *,***,*** | |
| ***************.****.*****.**************.net | United States | *,***,*** |
FAQ
CVE-2024-56196 is Improper Access Control in ATS
A total of 64 websites have been identified as vulnerable to CVE-2024-56196, discovered through global website indexing conducted by WebTechSurvey.
ATS is susceptible to CVE-2024-56196 vulnerability.
ATS versions before, and including, 10.0.3 are vulnerable to CVE-2024-56196.