cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45387,https://securityvulnerability.io/vulnerability/CVE-2024-45387,SQL Injection Vulnerability in Apache Traffic Control,"A vulnerability exists in Traffic Ops of Apache Traffic Control that allows a privileged user with roles such as 'admin', 'federation', 'operations', 'portal', or 'steering' to perform SQL injection attacks. By crafting a specially-designed PUT request, these users can execute arbitrary SQL commands against the database, potentially compromising data integrity and confidentiality. It is essential for users operating susceptible versions of Apache Traffic Control to upgrade to version 8.0.2 to mitigate this risk effectively.",Apache,Apache Traffic Control,9.9,CRITICAL,0.0004299999854993075,false,,true,true,true,2024-12-25T09:18:55.000Z,,true,false,,2024-12-23T15:30:13.873Z,2874
CVE-2022-23206,https://securityvulnerability.io/vulnerability/CVE-2022-23206,Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth,"In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.",Apache,Apache Traffic Control,7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2022-02-06T15:15:10.000Z,0
CVE-2021-43350,https://securityvulnerability.io/vulnerability/CVE-2021-43350,LDAP filter injection vulnerability in Traffic Ops,An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.,Apache,Apache Traffic Control,9.8,CRITICAL,0.008750000037252903,false,,false,false,false,,,false,false,,2021-11-11T13:00:15.000Z,0
CVE-2021-42009,https://securityvulnerability.io/vulnerability/CVE-2021-42009,Apache Traffic Control Traffic Ops Email Injection Vulnerability,"An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.",Apache,Apache Traffic Control,4.3,MEDIUM,0.0008500000112690032,false,,false,false,false,,,false,false,,2021-10-12T07:40:11.000Z,0
CVE-2020-17522,https://securityvulnerability.io/vulnerability/CVE-2020-17522,,"When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN architecture.",Apache,Apache Traffic Control,5.8,MEDIUM,0.004129999782890081,false,,false,false,false,,,false,false,,2021-01-26T12:42:07.000Z,0
CVE-2017-7670,https://securityvulnerability.io/vulnerability/CVE-2017-7670,,"The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.",Apache,Apache Traffic Control,7.5,HIGH,0.001829999964684248,false,,false,false,false,,,false,false,,2017-07-10T18:29:00.000Z,0