CVE-2018-1318
HIGHApache Traffic Server 6.0.0-6.2.2 and 7.0.0-7.1.3 - Denial of Service via Method ACLs in remap.config
Title source: llmDescription
Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_confirm
https://github.com/apache/trafficserver/pull/3195
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105176
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4282
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2%40%3Cusers.trafficserver.apache.org%3E
Scores
CVSS v3
7.5
EPSS
0.1459
EPSS Percentile
94.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (2)
apache/traffic_server
6.0.0 - 6.2.2
debian/debian_linux
9.0
Published
Aug 29, 2018
Tracked Since
Feb 18, 2026