cvelist/2018/1xxx/CVE-2018-1318.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2018-08-28T00:00:00",
        "ID": "CVE-2018-1318",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache Traffic Server",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "6.0.0 to 6.2.2"
                                        },
                                        {
                                            "version_value": "7.0.0 to 7.1.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Apache Software Foundation"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Information Disclosure"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/apache/trafficserver/pull/3195",
                "refsource": "CONFIRM",
                "url": "https://github.com/apache/trafficserver/pull/3195"
            },
            {
                "name": "105176",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/105176"
            },
            {
                "name": "DSA-4282",
                "refsource": "DEBIAN",
                "url": "https://www.debian.org/security/2018/dsa-4282"
            },
            {
                "name": "[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318",
                "refsource": "MLIST",
                "url": "https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E"
            }
        ]
    }
}
- Synchronized data. 2017-12-07 15:03:50 -05:00			`{`
"-Synchronized-Data." 2019-03-18 00:12:24 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@apache.org",`
			`"DATE_PUBLIC": "2018-08-28T00:00:00",`
			`"ID": "CVE-2018-1318",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Apache Traffic Server",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "6.0.0 to 6.2.2"`
			`},`
			`{`
			`"version_value": "7.0.0 to 7.1.3"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Apache Software Foundation"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Added submissions from Apache Traffic Server from 2018-08-28. 2018-08-29 08:10:55 -04:00			`{`
"-Synchronized-Data." 2019-03-18 00:12:24 +00:00			`"lang": "eng",`
			`"value": "Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrade to 7.1.4 or later versions."`
- Added submissions from Apache Traffic Server from 2018-08-28. 2018-08-29 08:10:55 -04:00			`}`
"-Synchronized-Data." 2019-03-18 00:12:24 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Information Disclosure"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://github.com/apache/trafficserver/pull/3195",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/apache/trafficserver/pull/3195"`
			`},`
			`{`
			`"name": "105176",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/105176"`
			`},`
			`{`
			`"name": "DSA-4282",`
			`"refsource": "DEBIAN",`
			`"url": "https://www.debian.org/security/2018/dsa-4282"`
			`},`
			`{`
			`"name": "[trafficserver-users] 20180828 [ANNOUNCE] Apache Traffic Server vulnerability with method ACLs - CVE-2018-1318",`
			`"refsource": "MLIST",`
			`"url": "https://lists.apache.org/thread.html/9357cdfb6352f72944411608b712e37196ad9e4bc0f17c4828a26fb2@%3Cusers.trafficserver.apache.org%3E"`
			`}`
			`]`
			`}`
			`}`