CVE-2018-8004
6.5
MEDIUM
CVSS 3.1
EPSS 2.6%
Description
There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue, users running 6.x should upgrade to 6.2.3 or later, and users running 7.x should upgrade to 7.1.4 or later.
How to fix CVE-2018-8004
To remediate CVE-2018-8004, upgrade the affected package to a fixed version below.
- Debian/trafficserver: upgrade to 7.1.4+ds-1 or later
Is CVE-2018-8004 being exploited?
Low — EPSS is 2.6%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 7.1.4+ds-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |