CVE-2012-0256
Low
CVSS Score
Vulnerability Description
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
Known Affected Software
19 configuration(s) from 1 vendor(s)
- traffic_server, Version: 2.1.9, CPE: cpe:2.3:a:apache:traffic_server:2.1.9:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.5, CPE: cpe:2.3:a:apache:traffic_server:2.1.5:*:*:*:*:*:*:*
- traffic_server, Version: 3.1.2, CPE: cpe:2.3:a:apache:traffic_server:3.1.2:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.7, CPE: cpe:2.3:a:apache:traffic_server:2.1.7:*:*:*:*:*:*:*
- traffic_server, Version: 2.0.1, CPE: cpe:2.3:a:apache:traffic_server:2.0.1:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.1, CPE: cpe:2.3:a:apache:traffic_server:2.1.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.1, CPE: cpe:2.3:a:apache:traffic_server:3.0.1:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.6, CPE: cpe:2.3:a:apache:traffic_server:2.1.6:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.0, CPE: cpe:2.3:a:apache:traffic_server:3.0.0:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.8, CPE: cpe:2.3:a:apache:traffic_server:2.1.8:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.4, CPE: cpe:2.3:a:apache:traffic_server:2.1.4:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.2, CPE: cpe:2.3:a:apache:traffic_server:2.1.2:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.3, CPE: cpe:2.3:a:apache:traffic_server:2.1.3:*:*:*:*:*:*:*
- traffic_server, Version: 3.1.1, CPE: cpe:2.3:a:apache:traffic_server:3.1.1:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.2, CPE: cpe:2.3:a:apache:traffic_server:3.0.2:*:*:*:*:*:*:*
- traffic_server, Version: 2.0.0, CPE: cpe:2.3:a:apache:traffic_server:2.0.0:alpha:*:*:*:*:*:*
- traffic_server, Version: 3.1.0, CPE: cpe:2.3:a:apache:traffic_server:3.1.0:*:*:*:*:*:*:*
- traffic_server, Version: 3.0.3, CPE: cpe:2.3:a:apache:traffic_server:3.0.3:*:*:*:*:*:*:*
- traffic_server, Version: 2.1.0, CPE: cpe:2.3:a:apache:traffic_server:2.1.0:*:*:*:*:*:*:*
This vulnerability affects 19 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html
- http://seclists.org/fulldisclosure/2012/Mar/260
- http://trafficserver.apache.org/downloads (Patch)
- http://www.securityfocus.com/bid/52696
- http://www.securitytracker.com/id?1026847
- https://www.cert.fi/en/reports/2012/vulnerability612884.html
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-119
Top 25 #17
Improper Restriction of Operations within the Bounds of a Memory Buffer
- Description: The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to…
- Exploit Likelihood: High
- Typical Severity: High
- Abstraction Level: Class
Key Information
- Published Date: March 26, 2012
