← back
CVE-2018-11783

CVE-2018-11783

EPSS 1.9%
sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.
Affected products
Apache Software Foundation · Apache Traffic Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.apache.org/thread.html/4f102f943935476732fb1fb653d687c7b69d29d9792f0d6cf72c505e%40%3Cannounce.trafficserver.apache.org%3Ehttp://www.securityfocus.com/bid/107032