The Apache Software Foundation (ASF) has released a security advisory for a critical SQL injection vulnerability in Apache Traffic Control.
Apache Traffic Control is an open-source platform widely used to manage large-scale content delivery networks (CDNs).
The vulnerability, identified as CVE-2024-45387, affects software versions 8.0.0 through 8.0.1 and has been assigned a CVSS score of 9.9, indicating high severity and the potential to compromise system confidentiality, integrity, and availability.
According to ASF, the flaw resides in Traffic Ops, a key component of Apache Traffic Control. It allows privileged users with roles such as admin, federation, operations, portal, or steering to execute arbitrary SQL commands against the database by sending specially crafted PUT requests.
The SQL injection vulnerability in Apache Traffic Control (CVE-2024-45387) poses a significant threat with severe consequences if exploited. These include unauthorised access to sensitive database information, manipulation or deletion of data, privilege escalation within the system, and full compromise of the infrastructure, which could disrupt content delivery network operations entirely.
The Apache Software Foundation has fixed the critical SQL injection vulnerability (CVE-2024-45387) in Apache Traffic Control version 8.0.2. Users operating affected versions should upgrade to the latest version immediately to mitigate the risk of exploitation.
Yuan Luo from Tencent YunDing Security Lab has identified the critical SQL injection vulnerability in Apache Traffic Control, reinforcing the lab’s dedication to cybersecurity advancements.
Organisations using Apache Traffic Control are strongly encouraged to prioritise applying the patch or other mitigations to protect against potential attacks. Given the severity of the vulnerability and the potential for significant impact, swift action is essential to secure the affected systems.