PT-2018-18375 · Apache · Apache Traffic Server

Publicado

2018-08-29

Atualizado

2019-10-03

CVE-2018-8005

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: Apache Traffic Server versions 6.0.0 through 6.2.2 Apache Traffic Server versions 7.0.0 through 7.1.3

Description: The issue arises when there are multiple ranges in a range request, causing Apache Traffic Server to read the entire object from cache. This can lead to performance problems, particularly with large objects in cache.

Recommendations: For versions 6.0.0 through 6.2.2, upgrade to version 6.2.3 or later. For versions 7.0.0 through 7.1.3, upgrade to version 7.1.4 or later.

Correção

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

CVE-2018-8005

DSA-4282-1

Produtos afetados

Apache Traffic Server

PT-2018-18375 · Apache · Apache Traffic Server

CVE-2018-8005

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23