Description

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Remediation

References

CVE-2018-8005

Related Vulnerabilities

CakePHP Deserialization of Untrusted Data Vulnerability (CVE-2019-11458)

Rukovoditel Cross-site Scripting (XSS) Vulnerability (CVE-2019-7541)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-26266)

WordPress Other Vulnerability (CVE-2005-1102)

WordPress Plugin ActiveHelper LiveHelp Live Chat Multiple Cross-Site Scripting Vulnerabilities (3.1.0)

Severity

Medium

Classification

CVE-2018-8005 CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities