{"api_version":"1","generated_at":"2026-06-28T21:21:13+00:00","cve":"CVE-2018-1318","urls":{"html":"https://cve.report/CVE-2018-1318","api":"https://cve.report/api/cve/CVE-2018-1318.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-1318","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-1318"},"summary":{"title":"CVE-2018-1318","description":"Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.","state":"PUBLIC","assigner":"security@apache.org","published_at":"2018-08-29 13:29:00","updated_at":"2023-11-07 02:55:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://www.debian.org/security/2018/dsa-4282","name":"DSA-4282","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4282-1 trafficserver","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E","name":"[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318","refsource":"MLIST","tags":["Mailing List","Mitigation","Vendor Advisory"],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2%40%3Cusers.trafficserver.apache.org%3E","name":"[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318","refsource":"","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/105176","name":"105176","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Apache Traffic Server CVE-2018-1318 Denial of Service Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://github.com/apache/trafficserver/pull/3195","name":"https://github.com/apache/trafficserver/pull/3195","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Adds better sanity checks around the method IX by zwoop · Pull Request #3195 · apache/trafficserver · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-1318","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1318","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"1318","vulnerable":"1","versionEndIncluding":"6.2.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"traffic_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1318","vulnerable":"1","versionEndIncluding":"7.1.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"traffic_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"1318","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@apache.org","DATE_PUBLIC":"2018-08-28T00:00:00","ID":"CVE-2018-1318","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apache Traffic Server","version":{"version_data":[{"version_value":"6.0.0 to 6.2.2"},{"version_value":"7.0.0 to 7.1.3"}]}}]},"vendor_name":"Apache Software Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure"}]}]},"references":{"reference_data":[{"name":"https://github.com/apache/trafficserver/pull/3195","refsource":"CONFIRM","url":"https://github.com/apache/trafficserver/pull/3195"},{"name":"105176","refsource":"BID","url":"http://www.securityfocus.com/bid/105176"},{"name":"DSA-4282","refsource":"DEBIAN","url":"https://www.debian.org/security/2018/dsa-4282"},{"name":"[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318","refsource":"MLIST","url":"https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E"}]}},"nvd":{"publishedDate":"2018-08-29 13:29:00","lastModifiedDate":"2023-11-07 02:55:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.2.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.1.3","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"1318","Ordinal":"116634","Title":"CVE-2018-1318","CVE":"CVE-2018-1318","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"1318","Ordinal":"1","NoteData":"Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"1318","Ordinal":"2","NoteData":"2018-08-29","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"1318","Ordinal":"3","NoteData":"2018-09-02","Type":"Other","Title":"Modified"}]}}}