CVE-2018-8004
First published: Wed Aug 29 2018(Updated: )
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/trafficserver | 8.0.2+ds-1+deb10u6 8.1.7-0+deb10u2 8.1.7+ds-1~deb11u1 9.2.0+ds-2+deb12u1 9.2.2+ds-1 | |
| Apache Traffic Server | >=6.0.0<=6.2.2 | |
| Apache Traffic Server | >=7.0.0<=7.1.3 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.openwall.com/lists/oss-security/2018/08/29/5
- https://github.com/apache/trafficserver/pull/3192
- https://github.com/apache/trafficserver/pull/3201
- https://github.com/apache/trafficserver/pull/3231
- https://github.com/apache/trafficserver/pull/3251
- https://github.com/apache/trafficserver/commit/05d734c773900dd589480ff07572c0d7db7c3d44
- https://github.com/apache/trafficserver/commit/9659d12a21cf1870c2790fdd5acab712ed87f16e
- https://github.com/apache/trafficserver/commit/2616e580de7d66b9098c464d503a049c7814e35a
- https://github.com/apache/trafficserver/commit/3d2fdab8b0606bc8b35006f7aeb73729d364b333
- https://security-tracker.debian.org/tracker/CVE-2018-8004
- http://www.securityfocus.com/bid/105192
- https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5@%3Cusers.trafficserver.apache.org%3E
- https://www.debian.org/security/2018/dsa-4282
- https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5%40%3Cusers.trafficserver.apache.org%3E
- collector/security-tracker-debian
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/tags
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- package-manager/debian
- vendor/apache
- canonical/apache traffic server
- version/apache traffic server/6.0.0
- version/apache traffic server/6.2.2
- version/apache traffic server/7.0.0
- version/apache traffic server/7.1.3
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0