U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

March 27, 2012 - 7:00am

PROBLEM:

Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

PLATFORM:

Versions prior to 3.0.4 and 3.1.3

ABSTRACT:

A vulnerability was reported in Apache Traffic Server. A remote user can cause denial of service conditions.

reference LINKS:

SecurityTracker Alert ID: 1026847
CVE-2012-0256
Secunia Advisory SA48509

IMPACT ASSESSMENT:

High

Discussion:

A remote user can send a request with a specially crafted 'Host' header value to trigger a heap allocation error and cause the target service to crash.

Impact:

A remote user can cause the target service to crash.

Solution:

The vendor has issued a fix (3.0.4, 3.1.3).

Energy.gov

Office of the Chief Information Officer

Office of the Chief Information Officer

All Offices

You are here

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

PROBLEM:

PLATFORM:

ABSTRACT:

reference LINKS:

IMPACT ASSESSMENT:

Discussion:

Impact:

Solution:

JC3 Contact:

Energy.gov

Energy.gov

Office of the Chief Information Officer

Search form

Office of the Chief Information Officer

All Offices

You are here

U-134: Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service

Addthis

PROBLEM:

PLATFORM:

ABSTRACT:

reference LINKS:

IMPACT ASSESSMENT:

Discussion:

Impact:

Solution:

Addthis

Related Articles

JC3 Contact:

Energy.gov