CVE-2024-56202
Apache Traffic Server: Expect header field can unreasonably retain resourceExpected Behavior Violation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue.
We have discovered 1,317 live websites that are affected by CVE-2024-56202.
Affected Software
| Product |  ATS |
| Category | Web Servers |
| Vulnerable Domains | 1,317 live websites (61.60% of ATS install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 14 versions ( 35.90% of all versions) |
Common Weakness Enumeration
CWE-440 Expected Behavior ViolationDetails
- Published - Mar 6, 2025
- Updated - Mar 6, 2025
Credits
- David Carlin (reporter)
CWE
CVE References
CWE References
CVE-2024-56202 usage by Country
 United States | 1,047 websites |
 Germany | 170 websites |
 GB | 38 websites |
 Italy | 26 websites |
 Isle of Man | 7 websites |
 Netherlands | 6 websites |
 China | 3 websites |
 France | 3 websites |
 Canada | 2 websites |
 India | 2 websites |
CVE-2024-56202 usage by TLD
| .org | 883 websites |
| .com | 148 websites |
| .net | 57 websites |
| .it | 38 websites |
| .de | 33 websites |
| .org.uk | 11 websites |
| .edu | 10 websites |
| .co.uk | 3 websites |
| .ca | 2 websites |
| .com.br | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-56202
Top websites that are affected by CVE-2024-56202. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **.*********.org | United States | ** | |
| *******.com | United States | ** | |
| **.*********.org | United States | *** | |
| *******.*********.org | United States | *** | |
| **.*********.org | United States | *** | |
| *********.org | United States | *,*** | |
| *********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| **.*********.org | United States | *,*** | |
| ************.net | United States | *,*** |
FAQ
CVE-2024-56202 is Expected Behavior Violation in ATS
A total of 1,317 websites have been identified as vulnerable to CVE-2024-56202, discovered through global website indexing conducted by WebTechSurvey.
ATS is susceptible to CVE-2024-56202 vulnerability.
ATS versions before, and including, 10.0.3 are vulnerable to CVE-2024-56202.