Description

HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server.  Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new setting (proxy.config.http2.max_continuation_frames_per_minute) to limit the number of CONTINUATION frames per minute.  ATS does have a fixed amount of memory a request can use and ATS adheres to these limits in previous releases. Users are recommended to upgrade to versions 8.1.10 or 9.2.4 which fixes the issue.

INFO

Published Date :

2024-04-10T12:07:16.975Z

Last Modified :

2025-11-04T18:30:48.185Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-31309 vulnerability.

Vendors Products
Apache
  • Traffic Server
Debian
  • Debian Linux
Fedoraproject
  • Fedora

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact