Apache Traffic Server Host Header Buffer Overflow Vulnerability
Last Update Date:
27 Mar 2012 10:26
Release Date:
27 Mar 2012
5480
Views
RISK: Medium Risk
TYPE: Servers - Web Servers
A vulnerability has been identified in Apache Traffic Server, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error when parsing the "Host" HTTP header and can be exploited to cause a heap-based buffer overflow via a specially crafted header. Successful exploitation may allow execution of arbitrary code.
Impact
- Remote Code Execution
System / Technologies affected
- Apache Traffic Server 3.1.x
- Apache Traffic Server 3.0.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 3.0.4 or 3.1.3.
Vulnerability Identifier
Source
Related Link
Share with