PT-2015-3354 · Apache · Apache Traffic Server

Published: 2015-07-04 · Updated: 2017-11-18 · CVE-2015-3249

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Traffic Server versions 5.3.x before 5.3.1

Description

The issue is related to the experimental HTTP/2 feature, which allows remote attackers to cause a denial of service or possibly execute arbitrary code. This is due to out-of-bounds access in memory, related to the frame handlers array or the set dynamic table size function.

Recommendations

For Apache Traffic Server versions 5.3.x before 5.3.1, update to version 5.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the HTTP/2 experimental feature until a patch is available. Restrict access to the frame handlers array and the set dynamic table size function to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related identifiers

BDU:2018-00151
CVE-2015-3249

Affected products

Apache Traffic Server