All the vulnerabilites related to Apache Software Foundation - Apache Traffic Control
cve-2017-7670
Vulnerability from cvelistv5
Published
2017-07-10 18:00
Modified
2024-09-16 17:52
Severity ?
EPSS score ?
Summary
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0%40%3Cusers.trafficcontrol.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c%40%3Ccommits.trafficcontrol.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8%40%3Ccommits.trafficcontrol.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Traffic Control |
Version: 1.8.0 incubating Version: 2.0.0 RC0 incubating |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:27.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[users] 20170707 Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0%40%3Cusers.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20190906 [trafficcontrol-website] branch asf-site updated: Adds CVE-2019-12405 to security page",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c%40%3Ccommits.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20210616 [trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8%40%3Ccommits.trafficcontrol.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Traffic Control",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.8.0 incubating"
},
{
"status": "affected",
"version": "2.0.0 RC0 incubating"
}
]
}
],
"datePublic": "2017-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T20:06:13",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[users] 20170707 Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0%40%3Cusers.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20190906 [trafficcontrol-website] branch asf-site updated: Adds CVE-2019-12405 to security page",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c%40%3Ccommits.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20210616 [trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8%40%3Ccommits.trafficcontrol.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-07-07T00:00:00",
"ID": "CVE-2017-7670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Traffic Control",
"version": {
"version_data": [
{
"version_value": "1.8.0 incubating"
},
{
"version_value": "2.0.0 RC0 incubating"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[users] 20170707 Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0@%3Cusers.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20190906 [trafficcontrol-website] branch asf-site updated: Adds CVE-2019-12405 to security page",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bb09fc29e9c2ee85b118a3d5748a8a523d30cf691ff8b606c6a1748c@%3Ccommits.trafficcontrol.apache.org%3E"
},
{
"name": "[trafficcontrol-commits] 20210616 [trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8@%3Ccommits.trafficcontrol.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-7670",
"datePublished": "2017-07-10T18:00:00Z",
"dateReserved": "2017-04-11T00:00:00",
"dateUpdated": "2024-09-16T17:52:59.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45387
Vulnerability from cvelistv5
Published
2024-12-23 15:30
Modified
2024-12-24 01:47
Severity ?
EPSS score ?
Summary
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request.
Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Traffic Control |
Version: 8.0.0 ≤ 8.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-12-23T18:03:27.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/23/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T01:47:07.033295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-24T01:47:40.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "traffic_ops",
"product": "Apache Traffic Control",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThan": "8.0.0",
"status": "unaffected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yuan Luo from Tencent YunDing Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn SQL injection vulnerability in Traffic Ops in Apache Traffic Control \u0026lt;= 8.0.1, \u0026gt;= 8.0.0 allows a privileged user with role \"admin\", \"federation\", \"operations\", \"portal\", or \"steering\" to execute arbitrary SQL against the database by sending a specially-crafted PUT request.\u003c/div\u003eUsers are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops."
}
],
"value": "An SQL injection vulnerability in Traffic Ops in Apache Traffic Control \u003c= 8.0.1, \u003e= 8.0.0 allows a privileged user with role \"admin\", \"federation\", \"operations\", \"portal\", or \"steering\" to execute arbitrary SQL against the database by sending a specially-crafted PUT request.\n\nUsers are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T15:30:13.873Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-45387",
"datePublished": "2024-12-23T15:30:13.873Z",
"dateReserved": "2024-08-28T18:16:31.298Z",
"dateUpdated": "2024-12-24T01:47:40.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43350
Vulnerability from cvelistv5
Published
2021-11-11 13:00
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://trafficcontrol.apache.org/security/ | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/11/11/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2021/11/11/4 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2021/11/17/1 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Traffic Control |
Version: Traffic Ops < 6.0.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trafficcontrol.apache.org/security/"
},
{
"name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"
},
{
"name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"
},
{
"name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Traffic Control",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "5.1.4",
"status": "unaffected"
}
],
"lessThan": "6.0.1",
"status": "affected",
"version": "Traffic Ops",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Apache Traffic Control user pupiles."
}
],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter."
}
],
"metrics": [
{
"other": {
"content": {
"other": "critical"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-90",
"description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-17T12:06:08",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trafficcontrol.apache.org/security/"
},
{
"name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"
},
{
"name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"
},
{
"name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LDAP filter injection vulnerability in Traffic Ops",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-43350",
"STATE": "PUBLIC",
"TITLE": "LDAP filter injection vulnerability in Traffic Ops"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Traffic Control",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Traffic Ops",
"version_value": "6.0.1"
},
{
"version_affected": "\u003c",
"version_name": "Traffic Ops",
"version_value": "5.1.4"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Apache Traffic Control user pupiles."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "critical"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trafficcontrol.apache.org/security/",
"refsource": "MISC",
"url": "https://trafficcontrol.apache.org/security/"
},
{
"name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"
},
{
"name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"
},
{
"name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-43350",
"datePublished": "2021-11-11T13:00:15",
"dateReserved": "2021-11-03T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-42009
Vulnerability from cvelistv5
Published
2021-10-12 07:40
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Traffic Control |
Version: 4.0.0 < Apache Traffic Control* |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re384fd0f44c6d230f31376153c6e8b59e4a669f927c1533d06d702af%40%3Cdev.trafficcontrol.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf0481b9e38ece1ece458d3ce7b2d671df819e3555597f31fc34f084e%40%3Ccommits.trafficcontrol.apache.org%3E"
},
{
"name": "[oss-security] 20211012 CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/12/1"
},
{
"name": "[trafficcontrol-dev] 20211013 Re: CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r78d471d8a4fd268a4c5ae6c47327c09d9d4b4467c31da2c97422febb%40%3Cdev.trafficcontrol.apache.org%3E"
},
{
"name": "[announce] 20211013 Re: CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7dfa9a89b39d06caeeeb7b5cdc41b3493a9b86cc6cfa059d3f349d87%40%3Cannounce.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Traffic Control",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "5.0.0",
"status": "affected"
}
],
"lessThan": "Apache Traffic Control*",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by GitHub\u0027s CodeQL code scanning service."
}
],
"descriptions": [
{
"lang": "en",
"value": "An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Email Injection Vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-13T23:06:11",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/re384fd0f44c6d230f31376153c6e8b59e4a669f927c1533d06d702af%40%3Cdev.trafficcontrol.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rf0481b9e38ece1ece458d3ce7b2d671df819e3555597f31fc34f084e%40%3Ccommits.trafficcontrol.apache.org%3E"
},
{
"name": "[oss-security] 20211012 CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/12/1"
},
{
"name": "[trafficcontrol-dev] 20211013 Re: CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r78d471d8a4fd268a4c5ae6c47327c09d9d4b4467c31da2c97422febb%40%3Cdev.trafficcontrol.apache.org%3E"
},
{
"name": "[announce] 20211013 Re: CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7dfa9a89b39d06caeeeb7b5cdc41b3493a9b86cc6cfa059d3f349d87%40%3Cannounce.apache.org%3E"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Traffic Control Traffic Ops Email Injection Vulnerability",
"workarounds": [
{
"lang": "en",
"value": "5.1.x users should upgrade to 5.1.3 or 6.0.0.\n4.1.x users should upgrade to 5.1.3."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-42009",
"STATE": "PUBLIC",
"TITLE": "Apache Traffic Control Traffic Ops Email Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Traffic Control",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "Apache Traffic Control",
"version_value": "4.0.0"
},
{
"version_affected": "\u003e=",
"version_name": "Apache Traffic Control",
"version_value": "5.0.0"
},
{
"version_affected": "\u003c=",
"version_name": "Apache Traffic Control",
"version_value": "5.1.2 +1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by GitHub\u0027s CodeQL code scanning service."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Email Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/re384fd0f44c6d230f31376153c6e8b59e4a669f927c1533d06d702af%40%3Cdev.trafficcontrol.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/re384fd0f44c6d230f31376153c6e8b59e4a669f927c1533d06d702af%40%3Cdev.trafficcontrol.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rf0481b9e38ece1ece458d3ce7b2d671df819e3555597f31fc34f084e%40%3Ccommits.trafficcontrol.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rf0481b9e38ece1ece458d3ce7b2d671df819e3555597f31fc34f084e%40%3Ccommits.trafficcontrol.apache.org%3E"
},
{
"name": "[oss-security] 20211012 CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/10/12/1"
},
{
"name": "[trafficcontrol-dev] 20211013 Re: CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r78d471d8a4fd268a4c5ae6c47327c09d9d4b4467c31da2c97422febb@%3Cdev.trafficcontrol.apache.org%3E"
},
{
"name": "[announce] 20211013 Re: CVE-2021-42009: Apache Traffic Control Arbitrary Email Content Insertion in /deliveryservices/request",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7dfa9a89b39d06caeeeb7b5cdc41b3493a9b86cc6cfa059d3f349d87@%3Cannounce.apache.org%3E"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "5.1.x users should upgrade to 5.1.3 or 6.0.0.\n4.1.x users should upgrade to 5.1.3."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-42009",
"datePublished": "2021-10-12T07:40:11",
"dateReserved": "2021-10-05T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-23206
Vulnerability from cvelistv5
Published
2022-02-06 15:15
Modified
2024-08-03 03:36
Severity ?
EPSS score ?
Summary
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/lsrd2mqj29vrvwsh8g0d560vvz8n126f | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Traffic Control |
Version: Traffic Ops < 6.1.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/lsrd2mqj29vrvwsh8g0d560vvz8n126f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Traffic Control",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "5.1.6",
"status": "unaffected"
}
],
"lessThan": "6.1.0",
"status": "affected",
"version": "Traffic Ops",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Apache Traffic Control would like to thank walkerxiong of SecCoder Security Lab for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-06T15:15:10",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/lsrd2mqj29vrvwsh8g0d560vvz8n126f"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth",
"workarounds": [
{
"lang": "en",
"value": "6.0.x user should upgrade to 6.1.0.\n5.1.x users should upgrade to 5.1.6 or 6.1.0."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-23206",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Traffic Control",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Traffic Ops",
"version_value": "6.1.0"
},
{
"version_affected": "\u003c",
"version_name": "Traffic Ops",
"version_value": "5.1.6"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Apache Traffic Control would like to thank walkerxiong of SecCoder Security Lab for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/lsrd2mqj29vrvwsh8g0d560vvz8n126f",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/lsrd2mqj29vrvwsh8g0d560vvz8n126f"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "6.0.x user should upgrade to 6.1.0.\n5.1.x users should upgrade to 5.1.6 or 6.1.0."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-23206",
"datePublished": "2022-02-06T15:15:10",
"dateReserved": "2022-01-13T00:00:00",
"dateUpdated": "2024-08-03T03:36:20.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}