Traffic Control Security Vulnerabilities and Issues — Traffic Control CVE List

Lucene search

ApacheTraffic Control

3 matches found

CVE•added 2021/10/12 8:15 a.m.•52 views

CVE-2021-42009

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. ...

4.3CVSS4.5AI score0.00652EPSS

CVE•added 2021/11/11 1:15 p.m.•47 views

CVE-2021-43350

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

9.8CVSS9.5AI score0.01707EPSS

CVE•added 2021/01/26 6:15 p.m.•37 views

CVE-2020-17522

When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are pote...

5.8CVSS5.6AI score0.02875EPSS