CVE-2018-1318
Summary
| CVE | CVE-2018-1318 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-29 13:29:00 UTC |
| Updated | 2023-11-07 02:55:00 UTC |
| Description | Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Traffic Server | All | All | All | All |
| Application | Apache | Traffic Server | All | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian -- Security Information -- DSA-4282-1 trafficserver | DEBIAN | www.debian.org | Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Mitigation, Vendor Advisory |
| Pony Mail! | lists.apache.org | ||
| Apache Traffic Server CVE-2018-1318 Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Adds better sanity checks around the method IX by zwoop · Pull Request #3195 · apache/trafficserver · GitHub | CONFIRM | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.