CVE-2018-11783

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-11783

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11783.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-11783

Related

UBUNTU-CVE-2018-11783

Published

2019-03-07T18:29:00Z

Modified

2025-01-14T07:22:00.332096Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.

References

Affected packages

Debian:11 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.2+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / trafficserver

Package

Name: trafficserver
Purl: pkg:deb/debian/trafficserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.2+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/trafficserver

Affected ranges

Type: GIT
Repo: https://github.com/apache/trafficserver
Events: Introduced

b310e3566f58dd04ec2b15b111ec86ea70e20019

Last affected

503cc110268fc8bd93e68b6c2b000d722e9b75c8

Introduced

6c1c6cf20e7d0e287d697a0f4181436013d17c30

Last affected

f6b2f4103fc9acc5275fdd52bba11153fd2cbe91

Affected versions

8.*

8.0.0

8.0.0-rc4

8.0.1

8.0.1-rc0