Vulnerability Details CVE-2018-8022
A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.08
EPSS Ranking 91.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/bid/105183
- https://github.com/apache/trafficserver/pull/2147
- https://lists.apache.org/thread.html/ce404d2fe16cc59085ece5a6236ccd1549def471a2a9508198d966b1%40%3Cusers.trafficserver.apache.org%3E
- http://www.securityfocus.com/bid/105183
- https://github.com/apache/trafficserver/pull/2147
- https://lists.apache.org/thread.html/ce404d2fe16cc59085ece5a6236ccd1549def471a2a9508198d966b1%40%3Cusers.trafficserver.apache.org%3E
Products affected by CVE-2018-8022
-
cpe:2.3:a:apache:traffic_server:6.0.0
-
cpe:2.3:a:apache:traffic_server:6.0.3
-
cpe:2.3:a:apache:traffic_server:6.1.0
-
cpe:2.3:a:apache:traffic_server:6.1.1
-
cpe:2.3:a:apache:traffic_server:6.2.0
-
cpe:2.3:a:apache:traffic_server:6.2.1
-
cpe:2.3:a:apache:traffic_server:6.2.2