CVE-2018-8005
MEDIUM
Apache Traffic Server <6.2.2, <7.1.3 - Info Disclosure
Title source: llm
Description
When a range request contains multiple ranges, Apache Traffic Server (ATS) reads the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue, 6.x users should upgrade to 6.2.3 or later and 7.x users should upgrade to 7.1.4 or later.
References (5)
Core References
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc7318d982e25ca%40%3Cusers.trafficserver.apache.org%3E
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4282
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105187
Third Party Advisory x_refsource_confirm
https://github.com/apache/trafficserver/pull/3106
Third Party Advisory x_refsource_confirm
https://github.com/apache/trafficserver/pull/3124
Scores
CVSS v3
5.3
EPSS
0.0669
EPSS Percentile
91.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-400
Status
published
Products (2)
apache/traffic_server
6.0.0 - 6.2.2
debian/debian_linux
9.0
Published
Aug 29, 2018
Tracked Since
Feb 18, 2026