vulnerability
Ubuntu: (CVE-2018-8040): trafficserver vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Aug 29, 2018 | Jun 26, 2025 | Jun 26, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Aug 29, 2018
Added
Jun 26, 2025
Modified
Jun 26, 2025
Description
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
Solution
no-fix-ubuntu-package
References
- CVE-2018-8040
- https://attackerkb.com/topics/CVE-2018-8040
- URL-http://www.openwall.com/lists/oss-security/2018/08/29/2
- URL-https://github.com/apache/trafficserver/commit/cea07c03274807c1588dbdf03baa1537d958c92f
- URL-https://github.com/apache/trafficserver/pull/3926
- URL-https://www.cve.org/CVERecord?id=CVE-2018-8040
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.