Apache Traffic Server 6.x < 6.2.2 / 7.x < 7.1.2 Host Header and Line Folding Vulnerability
Medium Nessus Plugin ID 107227
Synopsis
The remote caching server is affected by an input-validation vulnerability.
Description
According to its banner, the version of Apache Traffic Server running on the remote host is 6.x prior to 6.2.2 or 7.x prior to 7.1.2. It is, therefore, affected by an input-validation vulnerability related to handling 'Host' headers and line folding that allows a remote attacker to cause the wrong host to be used.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Traffic Server version 6.2.2, 7.1.2 or later.
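The Description ties the issue to 'Host' headers and line folding. The following added example (not part of the plugin or of Apache Traffic Server) shows a strict request-head check that a front-end filter or log-replay tool could apply, using the general RFC 7230 rules: a continuation line (obs-fold) is rejected and exactly one Host field is required. The function name, finding codes and sample requests are constructed for illustration; the page does not describe the exact trigger, so this is not a test for the flaw itself.

```python
import re

# Header field names are RFC 7230 "token" characters only (no spaces before the colon).
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def check_request_head(raw: bytes) -> list:
    """Return finding codes for a raw HTTP/1.1 request head; an empty list means clean."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    hosts = []
    for line in head.split(b"\r\n")[1:]:      # [0] is the request line
        text = line.decode("latin-1")
        if "\r" in text or "\n" in text:
            findings.append("bare-newline")   # CR or LF that is not part of a CRLF pair
            continue
        if text[:1] in (" ", "\t"):
            findings.append("obs-fold")       # folded continuation of the previous field
            continue
        name, sep, value = text.partition(":")
        if not sep or not _TOKEN.fullmatch(name):
            findings.append("malformed-field")
            continue
        if name.lower() == "host":
            hosts.append(value.strip())
    if len(hosts) != 1:
        findings.append("host-count")         # missing or repeated Host field
    return findings


# Constructed sample requests (hostnames are placeholders).
CLEAN = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"
FOLDED = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n other.example.net\r\n\r\n"
REPEATED = b"GET / HTTP/1.1\r\nHost: a.example.com\r\nHost: b.example.com\r\n\r\n"
SPACED = b"GET / HTTP/1.1\r\nHost : www.example.com\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("folded", FOLDED),
                       ("repeated", REPEATED), ("spaced", SPACED)]:
        print(label, check_request_head(req))
```

A request that produces any finding is one where two parsers in a proxy chain may disagree about the target host, so rejecting it with a 400 at the edge is the conservative choice until the upgrade above is in place.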