CVE-2018-8004

Sažetak

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Reference

https://github.com/apache/trafficserver/pull/3251
https://github.com/apache/trafficserver/pull/3231
https://github.com/apache/trafficserver/pull/3201
https://github.com/apache/trafficserver/pull/3192
http://www.securityfocus.com/bid/105192
https://www.debian.org/security/2018/dsa-4282
https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5%40%3Cusers.trafficserver.apache.org%3E

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-11-2023 - 03:01

Objavljeno

29-08-2018 - 13:29