CVE-2018-11783
HIGH
Apache Traffic Server 6.0.0-6.0.3, 7.0.0-7.1.5, 8.0.0-8.0.1 - Exposure of Sensitive Information via sslheaders Plugin
Title source: llm
Description
The sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. In some scenarios the plugin doesn't strip the headers from the request. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.
References (2)
Core References
Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107032
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e%40%3Cannounce.trafficserver.apache.org%3E
Scores
CVSS v3
7.5
EPSS
0.0112
EPSS Percentile
78.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
apache/traffic_server
6.0.0 - 6.0.3
Published
Mar 07, 2019
Tracked Since
Feb 18, 2026