diff --git a/2018/11xxx/CVE-2018-11783.json b/2018/11xxx/CVE-2018-11783.json index d1bccff54f2..1b881158c34 100644 --- a/2018/11xxx/CVE-2018-11783.json +++ b/2018/11xxx/CVE-2018-11783.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@apache.org", + "DATE_PUBLIC" : "2019-02-12T00:00:00", "ID" : "CVE-2018-11783", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Apache Traffic Server", + "version" : { + "version_data" : [ + { + "version_value" : "Apache Traffic Server 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, 8.0.0 to 8.0.1" + } + ] + } + } + ] + }, + "vendor_name" : "Apache Software Foundation" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Disclosure" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e@%3Cannounce.trafficserver.apache.org%3E" } ] }