Description

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Remediation

References

CVE-2018-8005

Related Vulnerabilities

WordPress Plugin Post Thumbnail Editor Multiple Cross-Site Request Forgery Vulnerabilities (2.4.1)

WordPress 5.0.x Prototype Pollution (5.0 - 5.0.15)

Oracle HTTP Server CVE-2020-2952 Vulnerability (CVE-2020-2952)

MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-0226)

WordPress Plugin Invoicing with InvoiceXpress for WooCommerce-Free Cross-Site Scripting (3.0.2)

Severity

Medium

Classification

CVE-2018-8005 CWE-400 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities