Apache Traffic Server Update Closes Important Security Hole

March 26, 2012 By Ali Loney


March 26, H Security – (International) Apache Traffic Server update closes important security hole. Version 3.0.4 of Apache Traffic Server (ATS), the high-performance caching HTTP/1.1 proxy server, has been released, closing a security hole that could be exploited by an attacker to remotely compromise a vulnerable system. An error when parsing a large “Host:” HTTP header can be used to cause a heap-based buffer overflow, which could lead to a denial-of-service condition or the execution of arbitrary code. The vulnerability (CVE-2012-0256) was reported to Apache by Codenomicon via CERT-FI and is rated as “Important.” All 2.0.x versions as well as 3.0.x and 3.1.x up to and including 3.0.3 and 3.1.2 are affected. Upgrading to 3.0.4 fixes the problem. The developers also released an update, version 3.1.3, to the unstable development branch of ATS to fix the security problem and urged all users to upgrade as soon as possible.

Source: http://www.h-online.com/security/news/item/Apache-Traffic-Server-updatecloses-important-security-hole-1479853.html
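For inventory triage, the affected ranges stated above can be encoded as a small version check. This is an added example, not code from the article or from the Apache project; the host names and banner strings in the sample inventory are constructed, and treating later patch releases in a fixed branch as fixed is an assumption.

```python
import re

# Ranges as stated in the text above for CVE-2012-0256.
# (major, minor) branch -> first fixed patch level, or None when the
# text names no fixed release for that branch.
FIXED_IN = {
    (2, 0): None,  # "All 2.0.x versions" are affected
    (3, 0): 4,     # affected up to and including 3.0.3, fixed in 3.0.4
    (3, 1): 3,     # affected up to and including 3.1.2, fixed in 3.1.3
}

# Exactly three dotted numbers, not part of a longer dotted string
# (so an address-like "10.3.0.1" is not misread as a version).
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\.?\d)")


def classify(version_text):
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.groups())
    if (major, minor) not in FIXED_IN:
        return "not-listed"  # the text makes no statement about this branch
    fixed = FIXED_IN[(major, minor)]
    if fixed is None or patch < fixed:
        return "affected"
    return "fixed"  # assumption: later patch releases keep the fix


def triage(inventory):
    """Map each status to a sorted list of hosts, for a {host: banner} dict."""
    report = {}
    for host, banner in inventory.items():
        report.setdefault(classify(banner), []).append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical hosts and banner strings).
SAMPLE_INVENTORY = {
    "proxy-a.example": "ATS/3.0.3",
    "proxy-b.example": "ATS/3.0.4",
    "proxy-c.example": "Apache Traffic Server 3.1.2-unstable",
    "proxy-d.example": "ATS/2.0.1",
    "proxy-e.example": "ATS/3.1.3",
    "proxy-f.example": "ATS",
}

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `not-listed` or `unparseable` need a manual check, since the text gives no statement about those versions.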
