CVE-2018-11783
7.5
HIGH
CVSS 3.1
EPSS 1.1%
Description
sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.
How to fix CVE-2018-11783
To remediate CVE-2018-11783, upgrade the affected package to a fixed version below.
- Debian/trafficserver—upgrade to 8.0.2+ds-1 or later
Is CVE-2018-11783 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 8.0.2+ds-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |