CVE-2018-8005

MEDIUM

Description

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

References

http://www.securityfocus.com/bid/105187

https://github.com/apache/trafficserver/pull/3106

https://github.com/apache/trafficserver/pull/3124

https://lists.apache.org/thread.html/[email protected]%3Cusers.trafficserver.apache.org%3E

https://www.debian.org/security/2018/dsa-4282

Details

Source: MITRE

Published: 2018-08-29

Updated: 2018-10-26

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 3.9

Severity: MEDIUM