ByteOS Network

NVD Vulnerability Details :

CVE-2018-8005

Modified

Source-security@apache.org

Published At-29 Aug, 2018 | 13:29

Updated At-07 Nov, 2023 | 03:01

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

The Apache Software Foundation

>>traffic_server>>Versions from 6.0.0(inclusive) to 6.2.2(inclusive)

cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*

The Apache Software Foundation

>>traffic_server>>Versions from 7.0.0(inclusive) to 7.1.3(inclusive)

cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*

Debian GNU/Linux

>>debian_linux>>9.0

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-400	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/105187	security@apache.org	Third Party Advisory VDB Entry
https://github.com/apache/trafficserver/pull/3106	security@apache.org	Third Party Advisory
https://github.com/apache/trafficserver/pull/3124	security@apache.org	Third Party Advisory
https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc7318d982e25ca%40%3Cusers.trafficserver.apache.org%3E	security@apache.org	N/A
https://www.debian.org/security/2018/dsa-4282	security@apache.org	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History