Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Jan 2015 19:41:21 +1300
From: Matthew Daley <mattd@...fuzz.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE request / advisory: Apache Traffic Server 5.0.0 - 5.1.1

Ping.

On 6 January 2015 at 21:42, Matthew Daley <mattd@...fuzz.com> wrote:
> Hi,
>
> I'd like to request a CVE ID for this issue. It was found in Apache
> Traffic Server (http://trafficserver.apache.org/), an open-source
> caching proxy webserver.
>
> This is the first such request but the issue has been semi-public for
> a few weeks now; this message serves as an advisory as well. (Note
> this probably needs a CVE-2014-* ID)
>
> Affected software: Apache Traffic Server
> Description: Receiving a HTTP TRACE request containing a
> "Max-Forwards" header with a value of "0" will cause the
> traffic_server process to crash with an assertion failure, even in
> release builds.
>
> The parent process, traffic_manager, will restart the traffic_server
> process when it sees that it has crashed. However, it takes several
> seconds before the new process is ready to handle requests, during
> which the server appears unresponsive to the outside world. Also,
> traffic_manager will queue incoming requests until the new process is
> ready to handle them. These queued requests might consist of more of
> the same request that caused the traffic_server process to crash in
> the first place. This allows a remote attacker to perform an effective
> DoS of the server with very little resources by simply sending the
> crashing request repeatedly.
>
> Affected versions: 5.0.0 - 5.1.1 (5.x.x series before 5.1.2)
> Fixed version: 5.1.2
> Bug entry: https://issues.apache.org/jira/browse/TS-3223
> Fix: https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=commit;h=8b5f0345dade6b2822d9b52c8ad12e63011a5c12
> Release notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327089&styleName=Html&projectId=12310963
> Reported by: Matthew Daley
>
> Please let me know if you need any further information.
>
> Thanks,
>
> - Matthew Daley

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ