Apache Traffic Server 5.2.0 - 5.3.2 / 6.x < 6.2.2 / 7.x < 7.1.2 TLS Handshake DoS
Severity: High
Nessus Plugin ID 107228
Synopsis
The remote caching server is affected by an input-validation vulnerability.
Description
According to its banner, the version of Apache Traffic Server running on the remote host is between 5.2.0 and 5.3.2, 6.x prior to 6.2.2, or 7.x prior to 7.1.2. It is, therefore, affected by a flaw related to handling TLS handshakes that allows a remote attacker to crash the application.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Apache Traffic Server version 6.2.2, 7.1.2 or later.
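
Because the finding rests only on the self-reported version, the same range check can be run over your own inventory of banners. The following is an added example, not the Nessus plugin's code: the banner shapes (`ATS/x.y.z` in a Server header, `ApacheTrafficServer/x.y.z` in a Via header) and the host names are assumptions, and the sample inventory is constructed.

```python
import re

# Assumed banner shapes (not taken from the advisory):
#   Server: ATS/7.1.1
#   Via: http/1.1 edge1 (ApacheTrafficServer/7.1.1 [...])
_BANNER = re.compile(r"\b(?:ATS|ApacheTrafficServer)/(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a banner string, or None."""
    m = _BANNER.search(banner or "")
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version):
    """Apply the three ranges exactly as the advisory states them."""
    return (
        (5, 2, 0) <= version <= (5, 3, 2)      # 5.2.0 through 5.3.2
        or (6, 0, 0) <= version < (6, 2, 2)    # 6.x prior to 6.2.2
        or (7, 0, 0) <= version < (7, 1, 2)    # 7.x prior to 7.1.2
    )


def triage(banner):
    """Classify one banner as 'affected', 'not-listed' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        # Banner hidden or rewritten: a version check proves nothing here.
        return "unknown"
    return "affected" if is_affected(version) else "not-listed"


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(banner) for host, banner in inventory.items()}


# Constructed sample inventory (host names and banners are illustrative).
SAMPLE = {
    "cache-a.example": "ATS/7.1.1",
    "cache-b.example": "ATS/7.1.2",
    "cache-c.example": "http/1.1 edge1 (ApacheTrafficServer/6.2.1 [cMsSf ])",
    "cache-d.example": "ATS/5.3.2",
    "cache-e.example": "",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` need their installed package version confirmed directly, and `not-listed` only means the version falls outside the ranges named in this advisory.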