Apache Traffic Server Gets Security Update
The update patches a vulnerability that could lead to a denial of service condition.
Version 3.0.4 of Apache Traffic Server was recently released.
"An error when parsing a large 'Host:' HTTP header can be used to cause a heap-based buffer overflow, which could lead to a denial-of-service (DoS) condition or the execution of arbitrary code," The H Security reports. "The vulnerability (CVE-2012-0256) was reported to Apache by Codenomicon via CERT-FI and is rated as 'Important.'"
"All 2.0.x versions as well as 3.0.x and 3.1.x up to and including 3.0.3 and 3.1.2 are affected," the article states. "Upgrading to 3.0.4 fixes the problem."
Go to "Apache Traffic Server update closes important security hole" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.