Description

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Remediation

References

CVE-2018-8004

Related Vulnerabilities

Oracle JRE CVE-2013-5844 Vulnerability (CVE-2013-5844)

Oracle JRE CVE-2017-10350 Vulnerability (CVE-2017-10350)

Moodle Improper Input Validation Vulnerability (CVE-2019-10134)

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2016-8612)

Severity

Medium

Classification

CVE-2018-8004 CWE-444 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities