Vulnerabilities > Apache > Traffic Control
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-06 | CVE-2022-23206 | Server-Side Request Forgery (SSRF) vulnerability in Apache Traffic Control In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. | 7.5 |
| 2021-11-11 | CVE-2021-43350 | Injection vulnerability in Apache Traffic Control An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter. | 9.8 |
| 2021-10-12 | CVE-2021-42009 | Improper Input Validation vulnerability in Apache Traffic Control An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. | 4.3 |
| 2021-01-26 | CVE-2020-17522 | Incorrect Permission Assignment for Critical Resource vulnerability in Apache Traffic Control When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. | 5.8 |
| 2019-09-09 | CVE-2019-12405 | Improper Authentication vulnerability in Apache Traffic Control 3.0.0/3.0.1 Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. | 9.8 |
| 2017-07-10 | CVE-2017-7670 | Resource Exhaustion vulnerability in Apache Traffic Control The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. | 7.5 |