Lucene search

[email protected]CVE-2018-8004

HistoryAug 29, 2018 - 1:29 p.m.

CVE-2018-8004

2018-08-2913:29:01

CWE-444

[email protected]

web.nvd.nist.gov

cve-2018-8004

http smuggling

cache poisoning

apache traffic server

ats

security vulnerability

upgrade advisories

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Affected configurations

Vulners

NVD

Node

apachetraffic_serverRange6.0.0–6.2.2

apachetraffic_serverRange7.0.0–7.1.3

CPENameOperatorVersion
apache:traffic_serverapache traffic serverle6.2.2
apache:traffic_serverapache traffic serverle7.1.3

CPE	Name	Operator	Version
apache:traffic_server	apache traffic server	le	6.2.2
apache:traffic_server	apache traffic server	le	7.1.3

CNA Affected

[
  {
    "product": "Apache Traffic Server",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0 to 6.2.2"
      },
      {
        "status": "affected",
        "version": "7.0.0 to 7.1.3"
      }
    ]
  }
]