Vulnerability Description
When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Traffic Server | >= 6.0.0, <= 6.2.2 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105187Third Party AdvisoryVDB Entry
- https://github.com/apache/trafficserver/pull/3106Third Party Advisory
- https://github.com/apache/trafficserver/pull/3124Third Party Advisory
- https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc
- https://www.debian.org/security/2018/dsa-4282Third Party Advisory
- http://www.securityfocus.com/bid/105187Third Party AdvisoryVDB Entry
- https://github.com/apache/trafficserver/pull/3106Third Party Advisory
- https://github.com/apache/trafficserver/pull/3124Third Party Advisory
- https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc
- https://www.debian.org/security/2018/dsa-4282Third Party Advisory
FAQ
What is CVE-2018-8005?
CVE-2018-8005 is a vulnerability with a CVSS score of 5.3 (MEDIUM). When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects ver...
How severe is CVE-2018-8005?
CVE-2018-8005 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-8005?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server, Debian Debian Linux.