Apache Traffic Server 3.0.x < 3.0.4 / 3.1.x < 3.1.3 Host HTTP Header Parsing Remote Overflow

high Nessus Plugin ID 58593

Synopsis

The remote caching server is affected by a buffer overflow vulnerability.

Description

According to its banner, the version of Apache Traffic Server running on the remote host is 3.0.x prior to 3.0.4 or 3.1.x prior to 3.1.3. It is, therefore, affected by a heap-based buffer overflow vulnerability when handling malicious HTTP host headers. A remote, unauthenticated attacker can exploit this to execute arbitrary code on the remote host subject to the privileges of the user running the affected application.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Traffic Server 3.0.4 / 3.1.3 or later.

See Also

http://www.nessus.org/u?e58ea94c

https://seclists.org/fulldisclosure/2012/Mar/260

Plugin Details

Severity: High

ID: 58593

File Name: apache_traffic_server_313.nasl

Version: 1.6

Type: remote

Family: Web Servers

Published: 4/4/2012

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:apache:traffic_server

Required KB Items: www/apache_traffic_server

Exploit Ease: No known exploits are available

Patch Publication Date: 3/22/2012

Vulnerability Publication Date: 3/22/2012

Reference Information

CVE: CVE-2012-0256

BID: 52696