CVE-2012-0256

Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html
http://seclists.org/fulldisclosure/2012/Mar/260
http://trafficserver.apache.org/downloads	Patch
http://www.securityfocus.com/bid/52696
http://www.securitytracker.com/id?1026847
https://www.cert.fi/en/reports/2012/vulnerability612884.html
http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html
http://seclists.org/fulldisclosure/2012/Mar/260
http://trafficserver.apache.org/downloads	Patch
http://www.securityfocus.com/bid/52696
http://www.securitytracker.com/id?1026847
https://www.cert.fi/en/reports/2012/vulnerability612884.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:traffic_server:2.0.0:::::::*
	cpe:2.3:a:apache:traffic_server:2.0.0:alpha::::::
	cpe:2.3:a:apache:traffic_server:2.0.1:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.0:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.1:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.2:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.3:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.4:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.5:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.6:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.7:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.8:::::::*
	cpe:2.3:a:apache:traffic_server:2.1.9:::::::*
	cpe:2.3:a:apache:traffic_server:3.0.0:::::::*
	cpe:2.3:a:apache:traffic_server:3.0.1:::::::*
	cpe:2.3:a:apache:traffic_server:3.0.2:::::::*
	cpe:2.3:a:apache:traffic_server:3.0.3:::::::*
	cpe:2.3:a:apache:traffic_server:3.1.0:::::::*
	cpe:2.3:a:apache:traffic_server:3.1.1:::::::*
	cpe:2.3:a:apache:traffic_server:3.1.2:::::::*

History

21 Nov 2024, 01:34

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html -~~	() http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html -
References	~~() http://seclists.org/fulldisclosure/2012/Mar/260 -~~	() http://seclists.org/fulldisclosure/2012/Mar/260 -
References	~~() http://trafficserver.apache.org/downloads - Patch~~	() http://trafficserver.apache.org/downloads - Patch
References	~~() http://www.securityfocus.com/bid/52696 -~~	() http://www.securityfocus.com/bid/52696 -
References	~~() http://www.securitytracker.com/id?1026847 -~~	() http://www.securitytracker.com/id?1026847 -
References	~~() https://www.cert.fi/en/reports/2012/vulnerability612884.html -~~	() https://www.cert.fi/en/reports/2012/vulnerability612884.html -

Information

Published : 2012-03-26 14:55

Updated : 2024-11-21 01:34

NVD link : CVE-2012-0256

Mitre link : CVE-2012-0256

CVE.ORG link : CVE-2012-0256

JSON object : View

Products Affected

apache

traffic_server

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.0 /10