Skip to main content

Traffic Control

5 CVEs product

Monthly

CVE-2024-45387 Go HIGH PATCH This Week

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Traffic Control
NVD
CVSS 3.1
8.8
EPSS
41.8%
CVE-2021-43350 Go CRITICAL PATCH Act Now

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection LDAP Traffic Control
NVD
CVSS 3.1
9.8
EPSS
4.4%
CVE-2021-42009 Go MEDIUM PATCH This Month

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Traffic Control
NVD
CVSS 3.1
4.3
EPSS
2.7%
CVE-2019-12405 Go CRITICAL PATCH Act Now

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Traffic Control
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2017-7670 Go HIGH PATCH This Week

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Apache Traffic Control
NVD
CVSS 3.0
7.5
EPSS
1.7%
EPSS 42% CVSS 8.8
HIGH PATCH This Week

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Traffic Control
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection LDAP +1
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Traffic Control
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apache Traffic Control
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Apache Traffic Control
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy