Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApacheTraffic Control

7 matches found

CVE
CVEadded 2024/12/23 4:15 p.m.118 views

CVE-2024-45387

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control = 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade ...

9.9CVSS9.8AI score0.37645EPSS
CVE
CVEadded 2022/02/06 4:15 p.m.89 views

CVE-2022-23206

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.

7.5CVSS7.4AI score0.00865EPSS
CVE
CVEadded 2017/07/10 6:29 p.m.75 views

CVE-2017-7670

The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is rest...

7.5CVSS7.4AI score0.01728EPSS
CVE
CVEadded 2021/10/12 8:15 a.m.52 views

CVE-2021-42009

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. ...

4.3CVSS4.5AI score0.00652EPSS
CVE
CVEadded 2021/11/11 1:15 p.m.47 views

CVE-2021-43350

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

9.8CVSS9.5AI score0.01707EPSS
CVE
CVEadded 2019/09/09 5:15 p.m.46 views

CVE-2019-12405

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct pa...

9.8CVSS9.3AI score0.01172EPSS
CVE
CVEadded 2021/01/26 6:15 p.m.37 views

CVE-2020-17522

When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are pote...

5.8CVSS5.6AI score0.02875EPSS