HKCert
  

Apache Traffic Server Host Header Buffer Overflow Vulnerability

Release Date: 27 / 03 / 2012
Last Update: 27 / 03 / 2012
Criticality Level:  


A vulnerability has been identified in Apache Traffic Server, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error when parsing the "Host" HTTP header and can be exploited to cause a heap-based buffer overflow via a specially crafted header. Successful exploitation may allow execution of arbitrary code.

  • Remote Code Execution
  • Apache Traffic Server 3.1.x
  • Apache Traffic Server 3.0.x

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 3.0.4 or 3.1.3.