CVE-2018-1318

MEDIUM

Description

Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

References

http://www.securityfocus.com/bid/105176

https://github.com/apache/trafficserver/pull/3195

https://lists.apache.org/thread.html/[email protected]%3Cusers.trafficserver.apache.org%3E

https://www.debian.org/security/2018/dsa-4282

Details

Source: MITRE

Published: 2018-08-29

Updated: 2018-11-07

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH