Description
Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
Remediation
References
Related Vulnerabilities
WordPress Plugin Events Made Easy SQL Injection (2.2.35)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.78)
WordPress Plugin MailPoet Newsletters (Previous) Cross-Site Request Forgery (2.6.10)
Apache HTTP Server Cryptographic Issues Vulnerability (CVE-2009-3555)