CVE-2018-1318 — Improper Input Validation in Apache Traffic Server

CWE-20 — Improper Input Validation5 documents5 sources

Severity

7.5HIGHNVD

EPSS

14.6%

top 5.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Traffic Server Apache Software Foundation Apache Traffic Server Debian Linux

Timeline

PublishedAug 29

Latest updateMay 14

Description

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDapache/traffic_server6.0.0 — 6.2.2+1

▶CVEListV5apache_software_foundation/apache_traffic_server6.0.0 to 6.2.2, 7.0.0 to 7.1.3+1

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-3mf6-hp9h-pxf7: Adding method ACLs in remap↗2022-05-14

▶

CVEList

CVE-2018-1318: Adding method ACLs in remap↗2018-08-29

▶

OSV

CVE-2018-1318: Adding method ACLs in remap↗2018-08-29

▶

📋Vendor Advisories

Debian

CVE-2018-1318: trafficserver - Adding method ACLs in remap.config can cause a segfault when the user makes a ca...↗2018

▶