Multiple vulnerabilities in Apache Traffic Server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2018-1318 CVE-2018-8022 CVE-2018-8005 CVE-2018-8004 CVE-2018-8040 |
| CWE-ID | CWE-20 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Apache Traffic Server Server applications / Web servers |
| Vendor | Apache Foundation |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Segmentation fault
EUVDB-ID: #VU14566
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-1318
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to a segmentation fault when adding method ACLs in remap.config. A remote attacker can send a specially crafted request and cause the service to crash.
MitigationUpdate to version 6.2.3, 7.1.4.
Vulnerable software versionsApache Traffic Server: 6.0.0 - 7.1.3
CPE2.3- cpe:2.3:a:apache_foundation:apache_ats:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:apache_ats:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:apache_ats:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:apache_ats:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache_foundation:apache_ats:7.1.3:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Segmentation fault
EUVDB-ID: #VU14567
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-8022
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to a segmentation fault. A remote attacker can use a specially crafted invalid TLS handshake and cause the service to crash.
MitigationUpdate to version 6.2.3.
Vulnerable software versionsApache Traffic Server: 6.0.0 - 6.2.2
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU14568
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-8005
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due to the reading of the entire object from cache. A remote attacker can use a range request containing multiple ranges to obtain sensitive information.
MitigationUpdate to version 6.2.3, 7.1.4.
Vulnerable software versionsApache Traffic Server: 6.0.0 - 7.1.3
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU14569
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-8004
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to multiple HTTP smuggling and cache poisoning issues when clients make malicious requests. A remote attacker can send a specially crafted request and bypass security restrictions to conduct further attacks.
MitigationUpdate to version 6.2.3, 7.1.4.
Vulnerable software versionsApache Traffic Server: 6.0.0 - 7.1.3
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Security restrictions bypass
EUVDB-ID: #VU14570
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-8040
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The vulnerability exists due to an error when pages are rendered using the ESI plugin. A remote attacker can bypass security restrictions and gain header variable access in the ESI plugin.
MitigationUpdate to version 6.2.3, 7.1.4.
Vulnerable software versionsApache Traffic Server: 6.0.0 - 7.1.3
CPE2.3Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
