Skip to main content

Apache Traffic Server Host Header Buffer Overflow Vulnerability

Last Update Date: 27 Mar 2012 10:26 Release Date: 27 Mar 2012 5480 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

A vulnerability has been identified in Apache Traffic Server, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error when parsing the "Host" HTTP header and can be exploited to cause a heap-based buffer overflow via a specially crafted header. Successful exploitation may allow execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • Apache Traffic Server 3.1.x
  • Apache Traffic Server 3.0.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 3.0.4 or 3.1.3.

Vulnerability Identifier


Source


Related Link