Web application abuses : Apache Traffic Server (ATS) Multiple Vulnerabilities (Aug 2018)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.141411

Categoría: Web application abuses

Título: Apache Traffic Server (ATS) Multiple Vulnerabilities (Aug 2018)

Resumen: Apache Traffic Server (ATS) is prone to multiple vulnerabilities.

Descripción: Summary:
Apache Traffic Server (ATS) is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2018-1318: Adding method ACLs in remap.config can cause a segfault when the user makes a
carefully crafted request.

- CVE-2018-8004: Multiple HTTP smuggling and cache poisoning issues when clients making malicious
requests.

- CVE-2018-8005: When there are multiple ranges in a range request, Apache Traffic Server (ATS)
will read the entire object from cache. This can cause performance problems with large objects in
cache.

- CVE-2018-8040: Pages that are rendered using the ESI plugin can have access to the cookie header
when the plugin is configured not to allow access.

Affected Software/OS:
Apache Traffic Server version 6.0.0 through 6.2.2 and 7.0.0
through 7.1.3.

Solution:
Update to version 6.2.3, 7.1.4 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-1318
BugTraq ID: 105176
http://www.securityfocus.com/bid/105176
Debian Security Information: DSA-4282 (Google Search)
https://www.debian.org/security/2018/dsa-4282
https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2018-8004
BugTraq ID: 105192
http://www.securityfocus.com/bid/105192
https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5@%3Cusers.trafficserver.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2018-8005
BugTraq ID: 105187
http://www.securityfocus.com/bid/105187
https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc7318d982e25ca@%3Cusers.trafficserver.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2018-8040
BugTraq ID: 105181
http://www.securityfocus.com/bid/105181
https://lists.apache.org/thread.html/36b3df68fe7311965f6bc4630ca413d2aa99d8f1d53affda85ea70d7@%3Cusers.trafficserver.apache.org%3E
https://lists.apache.org/thread.html/cc7aa2ce1c6f4fe0c6bfef517763cdaad30ec7bcb0115b73f73f3c01@%3Cusers.trafficserver.apache.org%3E

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.141411
Categoría:	Web application abuses
Título:	Apache Traffic Server (ATS) Multiple Vulnerabilities (Aug 2018)
Resumen:	Apache Traffic Server (ATS) is prone to multiple vulnerabilities.
Descripción:	Summary: Apache Traffic Server (ATS) is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2018-1318: Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. - CVE-2018-8004: Multiple HTTP smuggling and cache poisoning issues when clients making malicious requests. - CVE-2018-8005: When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. - CVE-2018-8040: Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. Affected Software/OS: Apache Traffic Server version 6.0.0 through 6.2.2 and 7.0.0 through 7.1.3. Solution: Update to version 6.2.3, 7.1.4 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1318 BugTraq ID: 105176 http://www.securityfocus.com/bid/105176 Debian Security Information: DSA-4282 (Google Search) https://www.debian.org/security/2018/dsa-4282 https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-8004 BugTraq ID: 105192 http://www.securityfocus.com/bid/105192 https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5@%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-8005 BugTraq ID: 105187 http://www.securityfocus.com/bid/105187 https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc7318d982e25ca@%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-8040 BugTraq ID: 105181 http://www.securityfocus.com/bid/105181 https://lists.apache.org/thread.html/36b3df68fe7311965f6bc4630ca413d2aa99d8f1d53affda85ea70d7@%3Cusers.trafficserver.apache.org%3E https://lists.apache.org/thread.html/cc7aa2ce1c6f4fe0c6bfef517763cdaad30ec7bcb0115b73f73f3c01@%3Cusers.trafficserver.apache.org%3E
Copyright	Copyright (C) 2018 Greenbone Networks GmbH