{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T10:20:52.113","vulnerabilities":[{"cve":{"id":"CVE-2018-8004","sourceIdentifier":"security@apache.org","published":"2018-08-29T13:29:01.873","lastModified":"2024-11-21T04:13:04.397","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). This affects versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions."},{"lang":"es","value":"Hay múltiples problemas de \"HTTP smuggling\" y envenenamiento de caché cuando los clientes que realizan peticiones maliciosas interactúan con Apache Traffic Server (ATS). Esto afecta a las versiones desde la 6.0.0 hasta la 6.2.2 y desde la versión 7.0.0 hasta la 7.1.3. Para resolver este problema, los usuarios que ejecutan las versiones 6.x deberían actualizar a la versión 6.2.3 o siguientes; mientras que los usuarios de versiones 7.x deberían actualizar a la versión 7.1.4 o siguientes."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.2.2","matchCriteriaId":"72C208E2-310B-4880-B974-1D5AF04E3990"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndIncluding":"7.1.3","matchCriteriaId":"6B3144FE-55AE-4B27-8B05-C240E8AC4A2B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105192","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/apache/trafficserver/pull/3192","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/apache/trafficserver/pull/3201","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/apache/trafficserver/pull/3231","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/apache/trafficserver/pull/3251","source":"security@apache.org","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5%40%3Cusers.trafficserver.apache.org%3E","source":"security@apache.org"},{"url":"https://www.debian.org/security/2018/dsa-4282","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/105192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/apache/trafficserver/pull/3192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/apache/trafficserver/pull/3201","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/apache/trafficserver/pull/3231","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/apache/trafficserver/pull/3251","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/7df882eb09029a4460768a61f88a30c9c30c9dc88e9bcc6e19ba24d5%40%3Cusers.trafficserver.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2018/dsa-4282","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}