CVE-2018-8004

2018-08-2800:00:00

apache

www.cve.org

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

CNA Affected

[
  {
    "product": "Apache Traffic Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0 to 6.2.2"
      },
      {
        "status": "affected",
        "version": "7.0.0 to 7.1.3"
      }
    ]
  }
]