关键信息 漏洞名称:Apache Traffic Server is vulnerable to specific user inputs CVE编号: - CVE-2024-38479: Cache key plugin is vulnerable to cache poisoning attack - CVE-2024-50305: Valid Host field value can cause crashes - CVE-2024-50306: Server process can fail to drop privilege 报告者: - Bryan Call (CVE-2024-38479) - Masakazu Kitajo (CVE-2024-50305) - Jeffrey BENCTEUX (CVE-2024-50306) 受影响的版本: - ATS 9.0.0 to 9.2.5 (CVE-2024-38479, CVE-2024-50305, CVE-2024-50306) - ATS 10.0.0 to 10.0.1 (CVE-2024-50306) 缓解措施: - 9.x 用户应升级到 9.2.6 或更高版本 - 10.x 用户应升级到 10.0.2 或更高版本 链接: - CVE-2024-38479 - CVE-2024-50305 - CVE-2024-50306