Apache fixed a critical SQL Injection in Apache Traffic Control

Share:

Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control.

The Apache Software Foundation (ASF) released security updates to address a critical security vulnerability, tracked as CVE-2024-45387 (CVSS score 9.9), in Traffic Control.

Traffic Control allows operators to set up a Content Delivery Network to quickly and efficiently deliver content to their users. Traffic Control is a highly distributed, scalable and redundant solution meeting the needs of operators from small to large.

The flaw is an SQL injection vulnerability in Traffic Control (<= 8.0.1, >= 8.0.0), it allows privileged users to execute arbitrary SQL commands.

“An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role “admin”, “federation”, “operations”, “portal”, or “steering” to execute arbitrary SQL against the database by sending a specially-crafted PUT request.” reads the advisory. “Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.”

Traffic Control 7.0.0 before 8.0.0 are not affected by this vulnerability.

The researchers Yuan Luo from Tencent YunDing Security Lab reported the vulnerability.

Early this month, The Apache Software Foundation released a security update to address a “possible remote code execution” flaw in Struts 2 that is related to the OGNL technology.

The remote code execution flaw, tracked as CVE-2020-17530, resides in forced OGNL evaluation when evaluated on raw user input in tag attributes.

Source

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
12:36 am, Feb 12, 2025
weather icon 4°C
L: 3° | H: 5°
overcast clouds
Humidity: 91 %
Pressure: 1019 mb
Wind: 5 mph NNW
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 100%
Rain Chance: 0%
Visibility: 6 km
Sunrise: 7:20 am
Sunset: 5:09 pm
DailyHourly
Daily ForecastHourly Forecast
Today 9:00 pm
weather icon
3° | 5°°C 0 mm 0% 5 mph 89 % 1021 mb 0 mm/h
Tomorrow 9:00 pm
weather icon
3° | 6°°C 0 mm 0% 9 mph 87 % 1025 mb 0 mm/h
Fri Feb 14 9:00 pm
weather icon
1° | 6°°C 0 mm 0% 8 mph 81 % 1026 mb 0 mm/h
Sat Feb 15 9:00 pm
weather icon
1° | 6°°C 0 mm 0% 8 mph 85 % 1024 mb 0 mm/h
Sun Feb 16 9:00 pm
weather icon
4° | 8°°C 1 mm 100% 6 mph 95 % 1019 mb 0 mm/h
Today 3:00 am
weather icon
4° | 4°°C 0 mm 0% 3 mph 89 % 1019 mb 0 mm/h
Today 6:00 am
weather icon
4° | 4°°C 0 mm 0% 3 mph 79 % 1018 mb 0 mm/h
Today 9:00 am
weather icon
4° | 4°°C 0 mm 0% 3 mph 76 % 1019 mb 0 mm/h
Today 12:00 pm
weather icon
5° | 5°°C 0 mm 0% 3 mph 68 % 1019 mb 0 mm/h
Today 3:00 pm
weather icon
6° | 6°°C 0 mm 0% 3 mph 71 % 1019 mb 0 mm/h
Today 6:00 pm
weather icon
5° | 5°°C 0 mm 0% 5 mph 76 % 1020 mb 0 mm/h
Today 9:00 pm
weather icon
5° | 5°°C 0 mm 0% 5 mph 78 % 1021 mb 0 mm/h
Tomorrow 12:00 am
weather icon
3° | 3°°C 0 mm 0% 4 mph 87 % 1022 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€92,563.21
-1.97%
Ethereum(ETH)
€2,514.81
-2.70%
Tether(USDT)
€0.96
-0.03%
XRP(XRP)
€2.33
-0.91%
Solana(SOL)
€190.86
-1.86%
USDC(USDC)
€0.97
0.00%
Dogecoin(DOGE)
€0.244078
-1.66%
Shiba Inu(SHIB)
€0.000015
-1.27%
Pepe(PEPE)
€0.000010
-0.89%
Scroll to Top