首页 - Security - Main Content

ASF Foundation Reveals High-Risk Vulnerability in Traffic Control Component Reported by Tencent's Yunding Lab: SQL Injection Vulnerability

This is the third security issue disclosed by the ASF Foundation recently, focusing mainly on the CVE-2024-45387 vulnerability, reported by researchers from Tencent's Yunding Security Lab.

The vulnerability is located in the Apache Traffic Control component, which is used to establish Content Delivery Networks (CDNs) that deliver content to users quickly and efficiently.

The CVE-2024-45387 vulnerability has a CVSS score of 9.9/10. If exploited successfully, attackers could execute arbitrary Structured Query Language (SQL) commands in the database.

The project maintainers stated in the announcement:

A SQL injection vulnerability exists in Traffic Ops within versions 8.0.0 to 8.0.1 of Apache Traffic Control, allowing privileged users with administrator, federation, operations, portal, and steering roles to execute arbitrary SQL commands in the database by sending specially crafted PUT requests.

Users of this module should immediately upgrade to version 8.0.2, released in October 2024. The delay in disclosing the vulnerability until now was to prevent attackers from reverse-engineering the new version to discover and exploit the vulnerability.

Apache(1)Apache Traffic Control(1)ASF(1)database(5)SQL Injection(1)Vulnerability(26)

Copyright Notice:
Thank you for reading. This article was written by Landian News, and the author is Brook.X. If you wish to repost this article, please include a link to the original: https://landian.news/article/4758.html

{{userData.name}}

ASF Foundation Reveals High-Risk Vulnerability in Traffic Control Component Reported by Tencent's Yunding Lab: SQL Injection Vulnerability

Bypassing the Guard: The Microsoft Defender Flaw Exposed

Microsoft Patches Long-Exploited Web Tagging (MOTV)/LNK Stomping Vulnerability

Apple's HomeKit Vulnerability Exploited by Spy Agencies; Specific Details Yet to Be Disclosed

Chroma, the AI-Native Embedded Database Start-up, Secures $18 Million Seed Funding Boost Amidst AI Boom

South Korean Hacker Group Actively Exploits Vulnerability in WPS, Fixed in Latest Version

Critical Vulnerability in Open-Source File Sharing App ProjectSend Exploited, Users Urged to Upgrade Immediately

Google's Workspace Suite Exposed for Security Flaws and Ignoring User Feedback

Windows TCP/IP Vulnerability Draws Industry Attention: Remote Code Execution Possible with Specially Crafted IPv6 Packets

Researchers Find Downgrade Vulnerability in Windows 10/11 that Can Restore Previously Fixed High-Risk Vulnerabilities

Due to the Massive Threat of the Windows TCP/IP Vulnerability, Researchers Will Not Disclose Details Anytime Soon

MAS v2.9 Update: Your All-In-One Solution to Windows/Office Activation Issues

[Download] Free Virtual Machine Software VMware Workstation Pro v17.6.2 Official Release - No Activation Required

Open Source Virtual Machine Software UTM 4.6.4 Released: Fixes for Windows 11 Black Screen Issues and More

[Updated] The Importance of Data Backup: European Cloud Company Hetzner Deletes All Servers and Data of a Client Without Warning

Linux Kernel 6.13 First Release Candidate (RC1) Launched with Multiple New Features and Improvements

The True God of Permanence! MAS Team Announces Successful Crack of Windows 10 ESU Paid Extension Updates

Interesting Times Ahead: Statistics Show Windows 10 Market Share Still on a Slow Rise

Microsoft Announces the Rollout of Windows 11 24H2 Update to All Eligible Devices

Microsoft's Routine Mishap: Core Recall Feature Compromised After Windows 11 Update

Microsoft States in Blog Post that Windows 11’s TPM 2.0 Requirement is a Non-Negotiable Standard