Vulnerability Description
Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Traffic Server | >= 6.0.0, <= 6.2.2 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105176Third Party AdvisoryVDB Entry
- https://github.com/apache/trafficserver/pull/3195Third Party Advisory
- https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f
- https://www.debian.org/security/2018/dsa-4282Third Party Advisory
- http://www.securityfocus.com/bid/105176Third Party AdvisoryVDB Entry
- https://github.com/apache/trafficserver/pull/3195Third Party Advisory
- https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f
- https://www.debian.org/security/2018/dsa-4282Third Party Advisory
FAQ
What is CVE-2018-1318?
CVE-2018-1318 is a vulnerability with a CVSS score of 7.5 (HIGH). Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve...
How severe is CVE-2018-1318?
CVE-2018-1318 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1318?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server, Debian Debian Linux.