CVE-2018-8004

MEDIUM

Apache Traffic Server <6.2.2, <7.1.3 - SSRF

Title source: llm

Description

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Exploits (1)

nomisec STUB 1 stars

by mosesrenegade · poc

https://github.com/mosesrenegade/CVE-2018-8004

View Code ZIP pw:eip

References (7)

[Patch, Third Party Advisory] https://github.com/apache/trafficserver/pull/3201

[Patch, Third Party Advisory] https://github.com/apache/trafficserver/pull/3251

[Patch, Third Party Advisory] https://github.com/apache/trafficserver/pull/3192

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105192

[Third Party Advisory] https://www.debian.org/security/2018/dsa-4282

[Mailing List] https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5%40%3Cusers.trafficserver.apache.org%3E

[Patch, Third Party Advisory] https://github.com/apache/trafficserver/pull/3231

Scores

CVSS v3 6.5

EPSS 0.0259

EPSS Percentile 85.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-444

Status published

Products (2)

apache/traffic_server 6.0.0 - 6.2.2

debian/debian_linux 9.0

Published Aug 29, 2018

Tracked Since Feb 18, 2026