Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.141411 |
Categoría: | Web application abuses |
Título: | Apache Traffic Server (ATS) Multiple Vulnerabilities (Aug 2018) |
Resumen: | Apache Traffic Server (ATS) is prone to multiple vulnerabilities. |
Descripción: | Summary: Apache Traffic Server (ATS) is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2018-1318: Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. - CVE-2018-8004: Multiple HTTP smuggling and cache poisoning issues when clients making malicious requests. - CVE-2018-8005: When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. - CVE-2018-8040: Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. Affected Software/OS: Apache Traffic Server version 6.0.0 through 6.2.2 and 7.0.0 through 7.1.3. Solution: Update to version 6.2.3, 7.1.4 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-1318 BugTraq ID: 105176 http://www.securityfocus.com/bid/105176 Debian Security Information: DSA-4282 (Google Search) https://www.debian.org/security/2018/dsa-4282 https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-8004 BugTraq ID: 105192 http://www.securityfocus.com/bid/105192 https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5@%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-8005 BugTraq ID: 105187 http://www.securityfocus.com/bid/105187 https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc7318d982e25ca@%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-8040 BugTraq ID: 105181 http://www.securityfocus.com/bid/105181 https://lists.apache.org/thread.html/36b3df68fe7311965f6bc4630ca413d2aa99d8f1d53affda85ea70d7@%3Cusers.trafficserver.apache.org%3E https://lists.apache.org/thread.html/cc7aa2ce1c6f4fe0c6bfef517763cdaad30ec7bcb0115b73f73f3c01@%3Cusers.trafficserver.apache.org%3E |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |