Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache Traffic Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2018-11783 - Vulnerability Database
Apache Traffic Server

Apache Traffic Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2018-11783

High
Reference: CVE-2018-11783
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-11783
Title: Apache Traffic Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn39t strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3 7.0.0 to 7.1.5 and 8.0.0 to 8.0.1.