Lucene search

[email protected]CVE-2018-8004

HistoryAug 29, 2018 - 1:29 p.m.

CVE-2018-8004

2018-08-2913:29:00

CWE-444

[email protected]

web.nvd.nist.gov

cve-2018-8004

http smuggling

cache poisoning

apache traffic server

ats

security vulnerability

upgrade advisories

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.6%

JSON

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

CPENameOperatorVersion
apache:traffic_serverapache traffic serverle6.2.2
apache:traffic_serverapache traffic serverle7.1.3
debian:debian_linuxdebian debian linuxeq9.0

CPE	Name	Operator	Version
apache:traffic_server	apache traffic server	le	6.2.2
apache:traffic_server	apache traffic server	le	7.1.3
debian:debian_linux	debian debian linux	eq	9.0

References

www.securityfocus.com/bid/105192

github.com/apache/trafficserver/pull/3192

github.com/apache/trafficserver/pull/3201

github.com/apache/trafficserver/pull/3231

github.com/apache/trafficserver/pull/3251

lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5%40%3Cusers.trafficserver.apache.org%3E

www.debian.org/security/2018/dsa-4282

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2018-8004

prion1 ubuntucve1 debiancve1 nessus2 osv2 debian1 openvas2 hackerone1