CVE-2018-11783

{"id": "CVE-2018-11783", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-03-07T18:29:00.273", "references": [{"url": "http://www.securityfocus.com/bid/107032", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e%40%3Cannounce.trafficserver.apache.org%3E", "source": "security@apache.org"}, {"url": "http://www.securityfocus.com/bid/107032", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e%40%3Cannounce.trafficserver.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1."}, {"lang": "es", "value": "El plugin sslheaders extrae informaci\u00f3n del certificado del cliente y establece cabeceras en la petici\u00f3n en base a la configuraci\u00f3n de dicho plugin. El plugin no elimina las cabeceras de la petici\u00f3n en algunos casos. Se descubri\u00f3 este fallo en versiones desde la 6.0.0 hasta la 6.0.3, desde la 7.0.0 hasta la 7.1.5 y desde la 8.0.0 hasta la 8.0.1."}], "lastModified": "2024-11-21T03:44:01.707", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DF0EF14-D448-4964-BE05-9C51B5C9744C", "versionEndIncluding": "6.0.3", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "155225D2-ED4B-4CEB-9142-FA483A546D7B", "versionEndIncluding": "7.1.5", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FEDC4B7-B05B-439D-9E88-B6A060A826EE", "versionEndIncluding": "8.0.1", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}