Apache Traffic Server HTTP Host Header Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Apache Traffic Server and is prone to denial of service vulnerability.

Impact

Successful exploitation may allow remote attackers to cause the application to crash, creating a denial of service condition. Impact Level: System/Application

Solution

Upgrade to Apache Traffic Server 3.0.4 or 3.1.3 or later, For updates refer to http://trafficserver.apache.org/downloads

Insight

The flaw is due to an improper allocation of heap memory when processing HTTP request with a large 'HOST' header value and can be exploited to cause a denial of service via a specially crafted packet.

Affected

Apache Traffic Server 2.0.x, 3.0.x before 3.0.4, 3.1.x before 3.1.3

References

http://mail-archives.apache.org/mod_mbox/www-announce/201203.mbox/%3C4F6B6649.9000507@apache.org%3E
http://seclists.org/bugtraq/2012/Mar/117
http://seclists.org/fulldisclosure/2012/Mar/260
http://securitytracker.com/id/1026847
https://secunia.com/advisories/48509/
https://www.cert.fi/en/reports/2012/vulnerability612884.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0256
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ArGoSoft FTP Server XCWD Overflow
Firefox XUL Parsing Denial of Service Vulnerability (Linux)
Apple Safari Denial Of Service Vulnerability - Jul09
Comodo Internet Security Denial of Service Vulnerability-05
freeFTPD PORT Command Denial of Service Vulnerability

Apache Traffic Server HTTP Host Header Denial of Service Vulnerability

Take action and discover your vulnerabilities