Apache Traffic Server CVE-2018-1318 Denial of Service Vulnerability

Bugtraq ID:	105176
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-1318
Remote:	Yes
Local:	No
Published:	Aug 28 2018 12:00AM
Updated:	Aug 28 2018 12:00AM
Credit:	Bryan Call
Vulnerable:	Apache Traffic Server 7.1.3 Apache Traffic Server 7.1.2 Apache Traffic Server 7.0 Apache Traffic Server 6.2.2 Apache Traffic Server 6.2.1 Apache Traffic Server 6.2 Apache Traffic Server 6.1 Apache Traffic Server 6.0
Not Vulnerable:	Apache Traffic Server 7.1.4 Apache Traffic Server 7.1.1

Apache Traffic Server CVE-2018-1318 Denial of Service Vulnerability

Apache Traffic Server is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition.

The following products are affected:

Apache Traffic Server 6.0.0 through 6.2.2
Apache Traffic Server 7.0.0 through 7.1.3

Apache Traffic Server CVE-2018-1318 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: <a href="mailto:[email protected]">[email protected]</a>.

Apache Traffic Server CVE-2018-1318 Denial of Service Vulnerability

References:

• Apache Traffic Server Homepage (Apache Software Foundation)
  
• Adds better sanity checks around the method IX (Github)
  
• CVE-2018-1318: Apache Traffic Server vulnerability with method ACLs (Apache)