Vulnerability Description
A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue, users running 6.2.2 should upgrade to 6.2.3 or a later version.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Traffic Server | >= 6.0.0, <= 6.2.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105183 (Third Party Advisory, VDB Entry)
- https://github.com/apache/trafficserver/pull/2147 (Patch, Third Party Advisory)
- https://lists.apache.org/thread.html/ce404d2fe16cc59085ece5a6236ccd1549def471a2a
FAQ
What is CVE-2018-8022?
CVE-2018-8022 is a vulnerability with a CVSS score of 7.5 (HIGH). A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later vers...
How severe is CVE-2018-8022?
CVE-2018-8022 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-8022?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Traffic Server.