VDB
CVE-2018-8005
CVE-2018-8005
PUBLISHED
When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. This can cause performance problems with large objects in cache. This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x users should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
EPSS 6.69% · 91.4th percentile
Risk Scores
EPSS Score
6.69%
91.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | trafficserver | 0, 5.3.0-2ubuntu1, 5.3.0-2ubuntu2 |
| Ubuntu:18.04:LTS | trafficserver | 7.1.2+ds-2build1, 0, * |
Timeline
- Aug 29, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Mar 10, 2023 EPSS Score
- May 12, 2023 EPSS Score
- Jul 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-8005 third-party-advisory
- http://www.openwall.com/lists/oss-security/2018/08/29/4 third-party-advisory
- https://github.com/apache/trafficserver/pull/3106 third-party-advisory
- https://github.com/apache/trafficserver/pull/3124 third-party-advisory
- https://github.com/apache/trafficserver/commit/bbcbb7cf7f25ebfe3a97d792e889de618e41a6a4 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-8005 third-party-advisory