Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Traffic Server < 7.0.0 Multiple Vulnerabilities

Critical

Synopsis

The remote caching server is outdated and affected by multiple attack vectors.

Description

Apache Traffic Server versions prior to 7.0.0 are affected by the following vulnerabilities :

- A flaw exists in 'iocore/net/SSLCertLookup.cc' that is triggered as hostnames are not properly matched in wildcards in SSL certificates. This may allow a man-in-the-middle attacker to spoof valid certificates. (OSVDB 147138) - An out-of-bounds read flaw exists in the slow logging functionality in the 'HttpSM::update_stats()' function in 'proxy/http/HttpSM.cc'. This may allow an attacker to have an unspecified impact that may potentially include causing a denial of service or disclosing sensitive information. (OSVDB 147139) - A use-after-free error exists in the 'HttpSM::get_http_schedule()' function in 'proxy/http/HttpSM.cc'. The issue is triggered when handling 'pending_action'. This may allow a remote attacker to dereference already freed memory and cause a denial of service. (OSVDB 147140) - A flaw exists in the 'HttpTunnel::consumer_handler()' function in 'proxy/http/HttpTunnel.cc' that is triggered when handling compressed client requests when the GZIP plugin is enabled. This may allow a remote attacker to cause a denial of service. (OSVDB 147141) - A flaw exists in the 'ProxyClientTransaction::new_transaction()' function in 'proxy/ProxyClientTransaction.cc' that is triggered during the handling of HTTP/2 traffic. This may allow a remote attacker to terminate the connection. (OSVDB 147043) - A flaw exists in the 'Http2ClientSession::state_start_frame_read()' function in 'proxy/http2/Http2ClientSession.cc' that is triggered during the handling of HTTP/2 traffic. This may allow a remote attacker to terminate the connection. (OSVDB 147044) - An out-of-bounds read flaw exists in the 'ProxyClientSession::ssn_hook_get()' function in '/proxy/InkAPI.cc' that may allow a remote attacker to have an unspecified impact that may potentially include crashing the server or disclosing sensitive information. (OSVDB 147045) - An out-of-bounds read flaw exists in the 'LogConfig::update_space_used()' function in 'proxy/logging/LogConfig.cc' that may allow an attacker to have an unspecified impact that may potentially include crashing the server or disclosing sensitive information. (OSVDB 147046) - An uninitialized read flaw exists in the 'SDK_API_HttpTxnTransform()' function in 'proxy/InkAPITestTool.cc' that is triggered by an off-by-one flaw in the response buffer in 'synclient_txn_read_response'. This can allow a remote attacker to have an unspecified impact. (OSVDB 147047) - A flaw exists in the 'get_effective_host()' function in 'plugins/experimental/remap_stats/remap_stats.c' related to unchecked return values. This may allow a remote attacker to have an unspecified impact. (OSVDB 147048) - An out-of-scope pointer dereference flaw exists in the 'ParentRecord::?Init()' function in 'proxy/ParentSelection.cc' that may allow a remote attacker to cause a denial of service. (OSVDB 147049) - An out-of-bounds read flaw exists in 'cmd/traffic_manager/traffic_manager.cc' that is triggered when handling '-h' arguments, which may allow a local attacker to have an unspecified impact that may potentially include crashing the server or disclosing sensitive information. (OSVDB 147050)

Solution

Upgrade to Apache Traffic Server 7.0.0 or later.