Get discounts worth $1000 on our cybersecurity services

Critical SQL Injection in Apache Traffic Control Vulnerability: CVE-2024-45387

Critical SQL Injection in Apache Traffic Control Vulnerability CVE-2024-45387

Table of Contents

Recently, The Apache Software Foundation (ASF) announced vital security updates for fixing a critical SQL injection vulnerability in Traffic Control which is a commonly used tool for Content Delivery Networks (CDN). This vulnerability, on successful exploitation, could permit attackers to execute arbitrary SQL commands potentially compromising the database.

This vulnerability has been rated with the utmost severity at 9.9 on CVSS because of its dangerous nature and has been assigned CVE-2024-45387. Apache Traffic Control versions 8.0.0 and 8.0.1 are under this vulnerability.

An attacker on behalf of a privileged user having roles like ‘admin,’ ‘federation,’ ‘operations,’ ‘portal,’ or ‘steering’ can make the application state compromised by sending a specially crafted PUT request that allows the user to execute arbitrary SQL commands.

Penetration Testing Cost

As of June 2018, Apache Traffic Control, a cutting-edge open-source Content Delivery Network (CDN) implementation, was promoted to a top-level project by the ASF.

The vulnerability, located by Yuan Luo, a researcher for Tencent YunDing Security Lab, has been patched up in Apache Traffic Control version 8.0.2. This patch comes on the heels of ASF’s most recent major fix for Apache Tomcat (CVE-2024-56337), which may lead to remote code execution under certain conditions, as well as an authentication bypass vulnerability patch in Apache HugeGraph-Server (CVE-2024-43441)-related problems.

At Bluefire Redteam, we are committed to staying ahead of emerging security threats, ensuring your systems remain secure. We recommend that all users promptly update their Apache Traffic Control instances to the latest version to protect against potential exploitation.

With Bluefire Redteam’s expert guidance, your organization can confidently navigate the evolving cybersecurity landscape. Stay proactive, stay secure.

Get started Instantly!

Detect Vulnerabilities and Remediate in Real-Time.

Subscribe to our newsletter now and reveal a free cybersecurity assessment that will level up your security.

  • Instant access.
  • Limited-time offer.
  • 100% free.

🎉 You’ve Unlocked Your Cybersecurity Reward

Your exclusive reward includes premium resources and a $1,000 service credit—reserved just for you. We’ve sent you an email with all the details.

What’s Inside

The 2025 Cybersecurity Readiness Toolkit
(A step-by-step guide and checklist to strengthen your defenses.)

$1,000 Service Credit Voucher
(Available for qualified businesses only)

Get started in no time!