VDB

CVE-2018-8004

CVE-2018-8004 PUBLISHED

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.

EPSS 2.59% · 85.9th percentile

Risk Scores

EPSS Score
2.59%
85.9th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTStrafficserver0, 5.3.0-2ubuntu2, 5.3.0-2ubuntu1
Ubuntu:18.04:LTStrafficserver7.1.2+ds-2build1, 0, 7.1.2+ds-3

Timeline

  • CVE Published
  • Nov 12, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 20, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 4, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›