Summary
Apache Traffic Server is prone to a remote DNS cache-poisoning vulnerability.
An attacker can exploit this issue to divert data from a legitimate site to an attacker-specified site.
Successful exploits will allow the attacker to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
Versions prior to Apache Traffic Server 2.0.1 are affected.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2010-2952
- CVSS Base Score: 4.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)
- Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
- Apple Safari 'javascript: URI' XSS Vulnerability - Sep09