Apache Traffic Server 4.x < 4.2.0 XSS

Medium

Synopsis

The remote caching server contains a cross-site scripting vulnerability.

Description

Apache Traffic Server versions 4.x prior to 4.2.0 are affected by a cross-site scripting vulnerability caused by improperly sanitized user-supplied input. By sending a specially crafted Host header, a remote, unauthenticated attacker can execute arbitrary script code in the victim's browser in the context of the affected site.

Solution

Upgrade to Apache Traffic Server 4.2.0 or later.