Unrated severityNVD Advisory· Published Mar 7, 2019· Updated Sep 16, 2024
CVE-2018-11783
CVE-2018-11783
Description
sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.
Affected products
2>=6.0.0 <=6.0.3, >=7.0.0 <=7.1.5, >=8.0.0 <=8.0.1+ 1 more
- (no CPE)range: >=6.0.0 <=6.0.3, >=7.0.0 <=7.1.5, >=8.0.0 <=8.0.1
- (no CPE)range: Apache Traffic Server 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, 8.0.0 to 8.0.1
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/107032mitrevdb-entryx_refsource_BID
- lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e%40%3Cannounce.trafficserver.apache.org%3Emitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.