Leif Hedstrom

#18997 of 53,635
14.1 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2017-5879
9.8
2017-10-30
Apache · Apache Traffic Server · CVE-2014-3624
Name of the Vulnerable Software and Affected Versions: Apache Traffic Server version 5.1.x before 5.1.1

Description: The issue allows remote attackers to bypass access restrictions by leveraging the failure to properly tunnel remap requests using the CONNECT method.

Recommendations: For Apache Traffic Server version 5.1.x before 5.1.1, update to version 5.1.1 or later to resolve the issue.
PT-2010-4430
4.3
2010-09-13
Apache · Apache Traffic Server · CVE-2010-2952
**Name of the Vulnerable Software and Affected Versions**
Apache Traffic Server versions prior to 2.0.1
Apache Traffic Server versions 2.1.x prior to 2.1.2-unstable

**Description**
The issue makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response, due to improper choice of DNS source ports and transaction IDs, and improper use of DNS query fields to validate responses.

**Recommendations**
For Apache Traffic Server versions prior to 2.0.1, update to version 2.0.1 or later.
For Apache Traffic Server versions 2.1.x prior to 2.1.2-unstable, update to version 2.1.2-unstable or later.