Lucene search
PRIOn knowledge basePRION:CVE-2018-8040HistoryAug 29, 2018 - 1:29 p.m.
Code injection
2018-08-2913:29:00
PRIOn knowledge base
www.prio-n.com
3
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
| CPE | Name | Operator | Version |
|---|---|---|---|
| traffic_server | ge | 6.0.0 | |
| traffic_server | le | 6.2.2 | |
| traffic_server | ge | 7.0.0 | |
| traffic_server | le | 7.1.3 | |
| debian_linux | eq | 9.0 |
References
www.securityfocus.com/bid/105181
github.com/apache/trafficserver/pull/3926
lists.apache.org/thread.html/36b3df68fe7311965f6bc4630ca413d2aa99d8f1d53affda85ea70d7@%3Cusers.trafficserver.apache.org%3E
lists.apache.org/thread.html/cc7aa2ce1c6f4fe0c6bfef517763cdaad30ec7bcb0115b73f73f3c01@%3Cusers.trafficserver.apache.org%3E
www.debian.org/security/2018/dsa-4282
Related
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2018-8040
2018-08-29 13:29:02
ubuntucve
ubuntucve
CVE-2018-8040
2018-08-29 00:00:00
cve
cve
CVE-2018-8040
2018-08-29 13:29:02
osv
osv
CVE-2018-8040
2018-08-29 13:29:02
trafficserver - security update
2018-08-31 00:00:00
debiancve
debiancve
CVE-2018-8040
2018-08-29 13:29:02
cvelist
cvelist
CVE-2018-8040
2018-08-28 00:00:00
openvas
openvas
Apache Traffic Server (ATS) Multiple Vulnerabilities (Aug 2018)
2018-08-30 00:00:00
Debian: Security Advisory (DSA-4282-1)
2018-08-30 00:00:00
nessus
nessus
Debian DSA-4282-1 : trafficserver - security update
2018-09-04 00:00:00
debian
debian
[SECURITY] [DSA 4282-1] trafficserver security update
2018-08-31 21:51:26