March 26, H Security – (International) Apache Traffic Server update closes important security hole. Version 3.0.4 of Apache Traffic Server (ATS), the high-- 18 - performance caching HTTP/1.1 proxy server, has been released, closing a security hole that could be exploited by an attacker to remotely compromise a vulnerable system. An error when parsing a large “Host:” HTTP header can be used to cause a heap-based buffer overflow, which could lead to a denial-of-service condition or the execution of arbitrary code. The vulnerability (CVE-2012-0256) was reported to Apache by Codenomicon via CERT-FI and is rated as “Important.” All 2.0.x versions as well as 3.0.x and 3.1.x up to and including 3.0.3 and 3.1.2 are affected. Upgrading to 3.0.4 fixes the problem. The developers also released an update, version 3.1.3, to the unstable development branch of ATS to fix the security problem and urged all users to upgrade as soon as possible.
Written by Ali Loney
Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.
Explore All Posts by Ali Loney