Candidate: CVE-2018-8004
PublicDate: 2018-08-29 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8004
 http://www.openwall.com/lists/oss-security/2018/08/29/5
 https://github.com/apache/trafficserver/pull/3192
 https://github.com/apache/trafficserver/pull/3201
 https://github.com/apache/trafficserver/pull/3231
 https://github.com/apache/trafficserver/pull/3251
 https://github.com/apache/trafficserver/commit/05d734c773900dd589480ff07572c0d7db7c3d44
 https://github.com/apache/trafficserver/commit/9659d12a21cf1870c2790fdd5acab712ed87f16e
 https://github.com/apache/trafficserver/commit/2616e580de7d66b9098c464d503a049c7814e35a
 https://github.com/apache/trafficserver/commit/3d2fdab8b0606bc8b35006f7aeb73729d364b333
Description:
 There are multiple HTTP smuggling and cache poisoning issues when clients
 making malicious requests interact with Apache Traffic Server (ATS). This
 affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue
 users running 6.x should upgrade to 6.2.3 or later versions and 7.x users
 should upgrade to 7.1.4 or later versions.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [6.5 MEDIUM]


Patches_trafficserver:
upstream_trafficserver: released (7.1.4+ds-1)
precise/esm_trafficserver: DNE
trusty_trafficserver: ignored (reached end-of-life)
trusty/esm_trafficserver: DNE (trusty was needs-triage)
xenial_trafficserver: ignored (end of standard support, was needed)
bionic_trafficserver: needed
cosmic_trafficserver: not-affected (7.1.4+ds-1)
disco_trafficserver: not-affected (7.1.4+ds-1)
eoan_trafficserver: not-affected (7.1.4+ds-1)
focal_trafficserver: not-affected (7.1.4+ds-1)
groovy_trafficserver: not-affected (7.1.4+ds-1)
hirsute_trafficserver: not-affected (7.1.4+ds-1)
impish_trafficserver: not-affected (7.1.4+ds-1)
jammy_trafficserver: not-affected (7.1.4+ds-1)
devel_trafficserver: not-affected (7.1.4+ds-1)