CVE-2018-8004

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Published: Aug 29, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8004
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-444

Affected Software
References

Software	From	Fixed in
apache / traffic_server	6.0.0	6.2.2.x
apache / traffic_server	7.0.0	7.1.3.x
debian / debian_linux	9.0	9.0.x

http://www.securityfocus.com/bid/105192
https://github.com/apache/trafficserver/pull/3192
https://github.com/apache/trafficserver/pull/3201
https://github.com/apache/trafficserver/pull/3231
https://github.com/apache/trafficserver/pull/3251
https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5@%3Cusers.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5%40%3Cusers.trafficserver.apache.org%3E
https://www.debian.org/security/2018/dsa-4282

Vulnerability Database

289,599

CVE-2018-8004