Apache Traffic Server CVE-2018-8004 Multiple Security Vulnerabilities

Bugtraq ID:	105192
Class:	Design Error
CVE:	CVE-2018-8004
Remote:	Yes
Local:	No
Published:	Aug 28 2018 12:00AM
Updated:	Aug 28 2018 12:00AM
Credit:	Régis Leroy
Vulnerable:	Apache Traffic Server 7.1.3 Apache Traffic Server 7.1.2 Apache Traffic Server 7.1.1 Apache Traffic Server 7.0 Apache Traffic Server 6.2.2 Apache Traffic Server 6.2.1 Apache Traffic Server 6.2 Apache Traffic Server 6.1 Apache Traffic Server 6.0
Not Vulnerable:	Apache Traffic Server 7.1.4 Apache Traffic Server 6.2.3

Apache Traffic Server CVE-2018-8004 Multiple Security Vulnerabilities

Apache Traffic Server is prone to following vulnerabilities:

1. Multiple cache poisoning vulnerabilities
2. Multiple HTTP response-splitting vulnerabilities

Attackers can leverage these issues to manipulate cache data and influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust.

The following versions are vulnerable:

Apache Traffic server 6.0.0 through 6.2.2
Apache Traffic server 7.0.0 through 7.1.3

Apache Traffic Server CVE-2018-8004 Multiple Security Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

Apache Traffic Server CVE-2018-8004 Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apache Traffic Server CVE-2018-8004 Multiple Security Vulnerabilities

References:

• Apache Traffic Server Homepage (Apache Software Foundation)
  
• CVE-2018-8004: Apache Traffic Server vulnerability with multiple HTTP smuggling (Apache)
  
• Close the connection when returning a 400 error response #3201 (Github)
  
• Drain the request body if there is a cache hit #3251 (Github)
  
• Validate Content-Length headers for incoming requests #3231 (Github)
  
• Return 400 if there is whitespace after the field name and before the colon (Github)