VDB
DEBIAN-CVE-2018-8040
DEBIAN-CVE-2018-8040
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions.
Risk Scores
CVSS v3.0
5.300000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | trafficserver | 0, 0, 0 |
| Debian:11 | trafficserver | 0, 0, 0 |
Timeline
- Aug 29, 2018 CVE Published
- Apr 28, 2026 CVE Updated