vulnerability
Ubuntu: (CVE-2018-8005): trafficserver vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Aug 29, 2018 | Jun 26, 2025 | Jun 26, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Aug 29, 2018
Added
Jun 26, 2025
Modified
Jun 26, 2025
Description
When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
Solution
no-fix-ubuntu-package
References
- CVE-2018-8005
- https://attackerkb.com/topics/CVE-2018-8005
- URL-http://www.openwall.com/lists/oss-security/2018/08/29/4
- URL-https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4
- URL-https://github.com/apache/trafficserver/pull/3106
- URL-https://github.com/apache/trafficserver/pull/3124
- URL-https://www.cve.org/CVERecord?id=CVE-2018-8005
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.