Description

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Remediation

References

CVE-2018-8004

Related Vulnerabilities

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-32615)

WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Multiple Cross-Site Scripting Vulnerabilities (1.3.2)

WordPress Plugin WPZOOM Portfolio Cross-Site Scripting (1.2.1)

MySQL Other Vulnerability (CVE-2002-1374)

WordPress Plugin Events Made Easy Cross-Site Scripting (1.6.20)

Severity

Medium

Classification

CVE-2018-8004 CWE-444 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities