Summary
This host is installed with Apache Traffic
Server and is prone to a remote denial of service vulnerability.
Impact
Successful exploitation will allow remote
attackers to crash the traffic_manager process.
Impact Level: Application.
Solution
Upgrade to version 5.1.2 or later.
For updates refer to http://trafficserver.apache.org
Insight
The flaw is due to improper handling of HTTP
TRACE requests with a 'Max-Forwards' header value of '0'.
Affected
Apache Traffic Server version 5.1.x
before 5.1.2
Detection
Get the installed version with the help
of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2014-10022
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P