Apache Traffic_control
8 CVEs affecting Apache Traffic_control. Latest disclosed: 2025-10-16. Critical: 3, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-45387 | Critical | 9.9 | 2024-12-23 | An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operation… |
| CVE-2021-43350 | Critical | 9.8 | 2021-11-11 | An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version… |
| CVE-2019-12405 | Critical | 9.8 | 2019-09-09 | Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a u… |
| CVE-2025-61581 | High | 7.5 | 2025-10-16 | ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control… |
| CVE-2022-23206 | High | 7.5 | 2022-02-06 | In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST requ… |
| CVE-2017-7670 | High | 7.5 | 2017-07-10 | The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made… |
| CVE-2020-17522 | Medium | 5.8 | 2021-01-26 | When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that a… |
| CVE-2021-42009 | Medium | 4.3 | 2021-10-12 | An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliver… |