 |
Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | ||
| Test Kennung: | 1.3.6.1.4.1.25623.1.0.141411 |
| Kategorie: | Web application abuses |
| Titel: | Apache Traffic Server (ATS) Multiple Vulnerabilities (Aug 2018) |
| Zusammenfassung: | Apache Traffic Server (ATS) is prone to multiple vulnerabilities. |
| Beschreibung: | Summary: Apache Traffic Server (ATS) is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2018-1318: Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. - CVE-2018-8004: Multiple HTTP smuggling and cache poisoning issues when clients making malicious requests. - CVE-2018-8005: When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. - CVE-2018-8040: Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. Affected Software/OS: Apache Traffic Server version 6.0.0 through 6.2.2 and 7.0.0 through 7.1.3. Solution: Update to version 6.2.3, 7.1.4 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-1318 BugTraq ID: 105176 http://www.securityfocus.com/bid/105176 Debian Security Information: DSA-4282 (Google Search) https://www.debian.org/security/2018/dsa-4282 https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-8004 BugTraq ID: 105192 http://www.securityfocus.com/bid/105192 https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5@%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-8005 BugTraq ID: 105187 http://www.securityfocus.com/bid/105187 https://lists.apache.org/thread.html/55d225af92887bfed0194400fd1b718622cca4140fc7318d982e25ca@%3Cusers.trafficserver.apache.org%3E Common Vulnerability Exposure (CVE) ID: CVE-2018-8040 BugTraq ID: 105181 http://www.securityfocus.com/bid/105181 https://lists.apache.org/thread.html/36b3df68fe7311965f6bc4630ca413d2aa99d8f1d53affda85ea70d7@%3Cusers.trafficserver.apache.org%3E https://lists.apache.org/thread.html/cc7aa2ce1c6f4fe0c6bfef517763cdaad30ec7bcb0115b73f73f3c01@%3Cusers.trafficserver.apache.org%3E |
| Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
| Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |