VYPR
Unrated severityNVD Advisory· Published Mar 7, 2019· Updated Sep 16, 2024

CVE-2018-11783

CVE-2018-11783

Description

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.

Affected products

2
  • Apache/Traffic Serverllm-fuzzy2 versions
    >=6.0.0 <=6.0.3, >=7.0.0 <=7.1.5, >=8.0.0 <=8.0.1+ 1 more
    • (no CPE)range: >=6.0.0 <=6.0.3, >=7.0.0 <=7.1.5, >=8.0.0 <=8.0.1
    • (no CPE)range: Apache Traffic Server 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, 8.0.0 to 8.0.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2018-11783 · VYPR