Summary
This host is running Apache Traffic Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation may allow remote attackers to cause the application to crash, creating a denial of service condition.
Impact Level: System/Application
Solution
Upgrade to Apache Traffic Server 3.0.4 or 3.1.3 or later. For updates, refer to http://trafficserver.apache.org/downloads
Insight
The flaw is due to improper allocation of heap memory when processing an HTTP request with a large 'HOST' header value. It can be exploited to cause a denial of service via a specially crafted packet.
Affected
Apache Traffic Server 2.0.x, 3.0.x before 3.0.4, 3.1.x before 3.1.3
References
- http://mail-archives.apache.org/mod_mbox/www-announce/201203.mbox/%3C4F6B6649.9000507@apache.org%3E
- http://seclists.org/bugtraq/2012/Mar/117
- http://seclists.org/fulldisclosure/2012/Mar/260
- http://securitytracker.com/id/1026847
- https://secunia.com/advisories/48509/
- https://www.cert.fi/en/reports/2012/vulnerability612884.html
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-0256
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P