cvelist/2018/11xxx/CVE-2018-11783.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2019-02-12T00:00:00",
        "ID": "CVE-2018-11783",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache Traffic Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "Apache Traffic Server 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, 8.0.0 to 8.0.1"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Apache Software Foundation"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Information Disclosure"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "107032",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/107032"
            },
            {
                "name": "[trafficserver-announce] 20190212 [ANNOUNCE] Apache Traffic Server vulnerability with sslheader plugin",
                "refsource": "MLIST",
                "url": "https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e@%3Cannounce.trafficserver.apache.org%3E"
            }
        ]
    }
}
- Synchronized data. 2018-06-05 11:03:57 -04:00			`{`
"-Synchronized-Data." 2019-03-17 22:33:24 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@apache.org",`
			`"DATE_PUBLIC": "2019-02-12T00:00:00",`
			`"ID": "CVE-2018-11783",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Apache Traffic Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "Apache Traffic Server 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, 8.0.0 to 8.0.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Apache Software Foundation"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
adding CVE for the Apache CVE 2019-03-07 12:29:10 -05:00			`{`
"-Synchronized-Data." 2019-03-17 22:33:24 +00:00			`"lang": "eng",`
			`"value": "sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1."`
adding CVE for the Apache CVE 2019-03-07 12:29:10 -05:00			`}`
"-Synchronized-Data." 2019-03-17 22:33:24 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Information Disclosure"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "107032",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/107032"`
			`},`
			`{`
			`"name": "[trafficserver-announce] 20190212 [ANNOUNCE] Apache Traffic Server vulnerability with sslheader plugin",`
			`"refsource": "MLIST",`
			`"url": "https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e@%3Cannounce.trafficserver.apache.org%3E"`
			`}`
			`]`
			`}`
			`}`