CVE-2018-11783
Summary
| CVE | CVE-2018-11783 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-07 18:29:00 UTC |
| Updated | 2023-11-07 02:51:00 UTC |
| Description | sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Traffic Server | All | All | All | All |
| Application | Apache | Traffic Server | All | All | All | All |
| Application | Apache | Traffic Server | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Apache Traffic Server sslheader Plugin CVE-2018-11783 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| Pony Mail! | lists.apache.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.