Description

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.

INFO

Published Date :

2024-12-23T15:30:13.873Z

Last Modified :

2024-12-24T01:47:40.228Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45387 vulnerability.

Vendors Products
Apache
  • Traffic Control
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45387.

URL Resource
http://www.openwall.com/lists/oss-security/2024/12/23/3 cve-icon
https://lists.apache.org/thread/t38nk5n7t8w3pb66z7z4pqfzt4443trr cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact