Apache Traffic_control

8 CVEs affecting Apache Traffic_control. Latest disclosed: 2025-10-16. Critical: 3, High: 3.

Top CVEs affecting Apache Traffic_control
CVESeverityScorePublishedSummary
CVE-2024-45387Critical9.92024-12-23An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operation…
CVE-2021-43350Critical9.82021-11-11An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version…
CVE-2019-12405Critical9.82019-09-09Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a u…
CVE-2025-61581High7.52025-10-16** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control…
CVE-2022-23206High7.52022-02-06In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST requ…
CVE-2017-7670High7.52017-07-10The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made…
CVE-2020-17522Medium5.82021-01-26When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that a…
CVE-2021-42009Medium4.32021-10-12An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliver…