You are here

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

March 27, 2012 - 7:00am

Addthis

PROBLEM:

Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

PLATFORM:

Versions prior to 3.0.4 and 3.1.3

ABSTRACT:

A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions.

reference LINKS:

SecurityTracker Alert ID: 1026847
CVE-2012-0256
Secunia Advisory SA48509

IMPACT ASSESSMENT:

High

Discussion:

A remote user can send a request with a specially crafted 'Host' header value to trigger a heap allocation error and cause the target service to crash.

Impact:

A remote user can cause the target service to crash.

Solution:

The vendor has issued a fix (3.0.4, 3.1.3).

 

Addthis