Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser $_SERVER['HOST'] memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.5 | $0-$5k | 0.00 |
Summary
A vulnerability classified as critical has been found in Apache Traffic Server 3.0.3/3.1.2. Impacted is an unknown function of the component HTTP Header Parser. The manipulation of the argument $_SERVER['HOST'] leads to memory corruption. This vulnerability is referenced as CVE-2012-0256. No exploit is available. It is recommended to upgrade the affected component.
Details
A vulnerability was found in Apache Traffic Server 3.0.3/3.1.2 and classified as very critical. This issue affects some unknown processing of the component HTTP Header Parser. The manipulation of the argument $_SERVER['HOST'] with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
The weakness was published 03/22/2012 by Leif Hedstrom (Codenomicon) with Codenomicon CROSS Project as confirmed mailinglist post (Website) via CERT-FI. It is possible to read the advisory at mail-archives.apache.org. The identification of this vulnerability is CVE-2012-0256 since 12/21/2011. The exploitation is known to be difficult. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 03/22/2021).
The vulnerability scanner Nessus provides a plugin with the ID 58593 (Apache Traffic Server 3.0.x < 3.0.4 / 3.1.x < 3.1.3 Host HTTP Header Parsing Remote Overflow), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Web Servers and running in the context l.
Upgrading to version 3.0.4 or 3.1.3 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (74313), Tenable (58593), SecurityFocus (BID 52696†), OSVDB (80571†) and Secunia (SA48509†). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.apache.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.5
VulDB Base Score: 10.0
VulDB Temp Score: 9.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 58593
Nessus Name: Apache Traffic Server 3.0.x < 3.0.4 / 3.1.x < 3.1.3 Host HTTP Header Parsing Remote Overflow
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 71291
OpenVAS Name: FreeBSD Ports: trafficserver
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Traffic Server 3.0.4/3.1.3
Timeline
12/21/2011 🔍03/22/2012 🔍
03/22/2012 🔍
03/23/2012 🔍
03/23/2012 🔍
03/26/2012 🔍
03/26/2012 🔍
03/27/2012 🔍
04/02/2012 🔍
04/04/2012 🔍
04/09/2012 🔍
03/22/2021 🔍
Sources
Vendor: apache.orgAdvisory: mail-archives.apache.org
Researcher: Leif Hedstrom (Codenomicon)
Organization: Codenomicon CROSS Project
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2012-0256 (🔍)
GCVE (CVE): GCVE-0-2012-0256
GCVE (VulDB): GCVE-100-4955
X-Force: 74313
SecurityFocus: 52696 - Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
Secunia: 48509 - Apache Traffic Server Host Header Buffer Overflow Vulnerability, Highly Critical
OSVDB: 80571
SecurityTracker: 1026847 - Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
Vulnerability Center: 34827 - Apache Traffic Server 2.0-3.0.3 and 3.1-3.1.2 Remote DoS Vulnerability via a Long HTTP Host Header, High
Entry
Created: 04/02/2012 15:05Updated: 03/22/2021 11:02
Changes: 04/02/2012 15:05 (72), 04/11/2017 10:35 (15), 03/22/2021 11:02 (2)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.