4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.003 Low
EPSS
Percentile
65.7%
There are multiple HTTP smuggling and cache poisoning issues when clients
making malicious requests interact with Apache Traffic Server (ATS). This
affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue
users running 6.x should upgrade to 6.2.3 or later versions and 7.x users
should upgrade to 7.1.4 or later versions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | trafficserver | < any | UNKNOWN |
ubuntu | 16.04 | noarch | trafficserver | < any | UNKNOWN |
www.openwall.com/lists/oss-security/2018/08/29/5
github.com/apache/trafficserver/commit/05d734c773900dd589480ff07572c0d7db7c3d44
github.com/apache/trafficserver/commit/2616e580de7d66b9098c464d503a049c7814e35a
github.com/apache/trafficserver/commit/3d2fdab8b0606bc8b35006f7aeb73729d364b333
github.com/apache/trafficserver/commit/9659d12a21cf1870c2790fdd5acab712ed87f16e
github.com/apache/trafficserver/pull/3192
github.com/apache/trafficserver/pull/3201
github.com/apache/trafficserver/pull/3231
github.com/apache/trafficserver/pull/3251
launchpad.net/bugs/cve/CVE-2018-8004
nvd.nist.gov/vuln/detail/CVE-2018-8004
security-tracker.debian.org/tracker/CVE-2018-8004
www.cve.org/CVERecord?id=CVE-2018-8004
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.003 Low
EPSS
Percentile
65.7%