Apache Traffic Server sslheader Plugin CVE-2018-11783 Information Disclosure Vulnerability
BID:107032
CVE-2018-11783 |Info
Apache Traffic Server sslheader Plugin CVE-2018-11783 Information Disclosure Vulnerability
| Bugtraq ID: | 107032 |
| Class: | Configuration Error |
| CVE: |
CVE-2018-11783 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Feb 12 2019 12:00AM |
| Credit: | Bryan Call |
| Vulnerable: |
Apache Traffic Server 8.0.1 Apache Traffic Server 8.0 Apache Traffic Server 7.1.5 Apache Traffic Server 7.1.4 Apache Traffic Server 7.1.3 Apache Traffic Server 7.1.2 Apache Traffic Server 7.1.1 Apache Traffic Server 7.0 Apache Traffic Server 6.2.3 Apache Traffic Server 6.2.2 Apache Traffic Server 6.2.1 Apache Traffic Server 6.2 Apache Traffic Server 6.1 Apache Traffic Server 6.0 |
| Not Vulnerable: |
Apache Traffic Server 8.0.2 Apache Traffic Server 7.1.6 |
Discussion
Apache Traffic Server sslheader Plugin CVE-2018-11783 Information Disclosure Vulnerability
Apache Traffic Server is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
The following versions are affected:
Apache Traffic Server 6.0.0 through 6.2.3
Apache Traffic Server 7.0.0 through 7.1.5
Apache Traffic Server 8.0.0 through 8.0.1
Apache Traffic Server is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
The following versions are affected:
Apache Traffic Server 6.0.0 through 6.2.3
Apache Traffic Server 7.0.0 through 7.1.5
Apache Traffic Server 8.0.0 through 8.0.1
Exploit / POC
Apache Traffic Server sslheader Plugin CVE-2018-11783 Information Disclosure Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Apache Traffic Server sslheader Plugin CVE-2018-11783 Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Apache Traffic Server sslheader Plugin CVE-2018-11783 Information Disclosure Vulnerability
References:
References: