VDB
CVE-2018-1318
CVE-2018-1318
PUBLISHED
Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
EPSS 14.59% · 94.6th percentile
Risk Scores
EPSS Score
14.59%
94.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | trafficserver | 0, 5.3.0-2ubuntu1, 5.3.0-2ubuntu2 |
| Ubuntu:18.04:LTS | trafficserver | 7.1.2+ds-3, 7.0.0-5, 0 |
Timeline
- Aug 29, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- May 12, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
- Nov 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1318 third-party-advisory
- http://www.openwall.com/lists/oss-security/2018/08/29/3 third-party-advisory
- https://github.com/apache/trafficserver/pull/3195 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1318 third-party-advisory