Lucene search
PRIOn knowledge basePRION:CVE-2018-8004HistoryAug 29, 2018 - 1:29 p.m.
Design/Logic Flaw
2018-08-2913:29:00
PRIOn knowledge base
www.prio-n.com
3
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| traffic_server | ge | 6.0.0 | |
| traffic_server | le | 6.2.2 | |
| traffic_server | ge | 7.0.0 | |
| traffic_server | le | 7.1.3 | |
| debian_linux | eq | 9.0 |
References
www.securityfocus.com/bid/105192
github.com/apache/trafficserver/pull/3192
github.com/apache/trafficserver/pull/3201
github.com/apache/trafficserver/pull/3231
github.com/apache/trafficserver/pull/3251
lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5@%3Cusers.trafficserver.apache.org%3E
www.debian.org/security/2018/dsa-4282
Related
cve
cve
CVE-2018-8004
2018-08-29 13:29:01
ubuntucve
ubuntucve
CVE-2018-8004
2018-08-29 00:00:00
debiancve
debiancve
CVE-2018-8004
2018-08-29 13:29:01
osv
osv
CVE-2018-8004
2018-08-29 13:29:01
trafficserver - security update
2018-08-31 00:00:00
nvd
nvd
CVE-2018-8004
2018-08-29 13:29:01
cvelist
cvelist
CVE-2018-8004
2018-08-28 00:00:00
nessus
nessus
Apache Traffic Server - HTTP Smuggling and Cache poisoning
2020-05-28 00:00:00
Debian DSA-4282-1 : trafficserver - security update
2018-09-04 00:00:00
openvas
openvas
Apache Traffic Server (ATS) Multiple Vulnerabilities (Aug 2018)
2018-08-30 00:00:00
Debian: Security Advisory (DSA-4282-1)
2018-08-30 00:00:00
debian
debian
[SECURITY] [DSA 4282-1] trafficserver security update
2018-08-31 21:51:26
hackerone
hackerone
Internet Bug Bounty: Multiple HTTP Smuggling reports
2019-07-17 22:47:10