Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.APACHE_TRAFFIC_SERVER_313.NASL
HistoryApr 04, 2012 - 12:00 a.m.

Apache Traffic Server 3.0.x < 3.0.4 / 3.1.x < 3.1.3 Host HTTP Header Parsing Remote Overflow

2012-04-0400:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com
19
JSON

According to its banner, the version of Apache Traffic Server running on the remote host is 3.0.x prior to 3.0.4 or 3.1.x prior to 3.1.3. It is, therefore, affected by a heap-based buffer overflow vulnerability when handling malicious HTTP host headers. A remote, unauthenticated attacker can exploit this to execute arbitrary code on the remote host subject to the privileges of the user running the affected application.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(58593);
  script_version("1.6");
  script_cvs_date("Date: 2018/11/15 20:50:25");

  script_cve_id("CVE-2012-0256");
  script_bugtraq_id(52696);

  script_name(english:"Apache Traffic Server 3.0.x < 3.0.4 / 3.1.x < 3.1.3 Host HTTP Header Parsing Remote Overflow");
  script_summary(english:"Checks the version of Apache Traffic Server.");

  script_set_attribute(attribute:"synopsis", value:
"The remote caching server is affected by a buffer overflow
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the version of Apache Traffic Server
running on the remote host is 3.0.x prior to 3.0.4 or 3.1.x prior to
3.1.3. It is, therefore, affected by a heap-based buffer overflow
vulnerability when handling malicious HTTP host headers. A remote,
unauthenticated attacker can exploit this to execute arbitrary code on
the remote host subject to the privileges of the user running the
affected application.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  # https://web.archive.org/web/20120531220750/https://www.cert.fi/en/reports/2012/vulnerability612884.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e58ea94c");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2012/Mar/260");
  script_set_attribute(attribute:"solution", value:"Upgrade to Apache Traffic Server 3.0.4 / 3.1.3 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/03/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:traffic_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("apache_traffic_server_version.nasl");
  script_require_keys("www/apache_traffic_server");
  script_require_ports("Services/www", 8080);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

app = 'Apache Traffic Server';
port = get_http_port(default:8080);

# Make sure this is Apache Traffic Server
get_kb_item_or_exit('www/'+port+'/apache_traffic_server');

# Check if we could get a version
version = get_kb_item_or_exit('www/'+port+'/apache_traffic_server/version', exit_code:1);
source = get_kb_item_or_exit('www/'+port+'/apache_traffic_server/source', exit_code:1);

ver = split(version, sep:'.');
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  (ver[0] < 2) ||
  (ver[0] == 2 && ver[1] < 2) ||
  (ver[0] == 3 && ver[1] == 0 && ver[2] < 4) ||
  (ver[0] == 3 && ver[1] == 1 && ver[2] < 3)
)
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Version source    : ' + source + 
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 3.0.4 / 3.1.3\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, app, port, version);
VendorProductVersionCPE
apachetraffic_servercpe:/a:apache:traffic_server

Related

openvas 4
securityvulns 2
prion 1
ubuntucve 1
cve 1
debiancve 1
seebug 1
freebsd 1
cvelist 1
nessus 1
openvas
openvas
Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
2012-03-28 00:00:00
FreeBSD Ports: trafficserver
2012-04-30 00:00:00
FreeBSD Ports: trafficserver
2012-04-30 00:00:00
securityvulns
securityvulns
[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256
2012-03-26 00:00:00
Apache Traffic Server DoS
2012-03-26 00:00:00
prion
prion
Design/Logic Flaw
2012-03-26 14:55:00
ubuntucve
ubuntucve
CVE-2012-0256
2012-03-26 00:00:00
cve
cve
CVE-2012-0256
2012-03-26 14:55:00
debiancve
debiancve
CVE-2012-0256
2012-03-26 14:55:00
seebug
seebug
Apache Traffic Server HTTP主机标头处理缓冲区溢出漏洞
2012-03-26 00:00:00
freebsd
freebsd
Apache Traffic Server -- heap overflow vulnerability
2012-03-22 00:00:00
cvelist
cvelist
CVE-2012-0256
2012-03-26 14:00:00
nessus
nessus
FreeBSD : Apache Traffic Server -- heap overflow vulnerability (acab2f88-7490-11e1-865f-00e0814cab4e)
2012-03-26 00:00:00
JSON
Related for APACHE_TRAFFIC_SERVER_313.NASL
openvas4securityvulns2prion1ubuntucve1cve1debiancve1seebug1freebsd1cvelist1nessus1