Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
BID:52696
Info
| Bugtraq ID: | 52696 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2012-0256 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2012 12:00AM |
| Updated: | Mar 23 2012 12:00AM |
| Credit: | Codenomicon CROSS project |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Apache Traffic Server is prone to a heap-based buffer-overflow vulnerability.
Successful exploits may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.
Apache Traffic Server versions prior to 3.0.4 and 3.1.3 are vulnerable.
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
References
References:
- [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256 (Leif Hedstrom)
- Apache Traffic Server Homepage (Apache Software Foundation)
- CERT-FI Advisory on Apache Traffic Server (CERT-FI)