
Critical SQL Injection in Apache Traffic Control Vulnerability: CVE-2024-45387


Recently, the Apache Software Foundation (ASF) released security updates fixing a critical SQL injection vulnerability in Traffic Control, a widely used Content Delivery Network (CDN) tool. On successful exploitation, this vulnerability could allow attackers to execute arbitrary SQL commands, potentially compromising the database.

The vulnerability has been assigned CVE-2024-45387 and rated critical, with a CVSS score of 9.9, because of its dangerous nature. Apache Traffic Control versions 8.0.0 and 8.0.1 are affected.

An attacker acting as a privileged user with a role such as ‘admin’, ‘federation’, ‘operations’, ‘portal’, or ‘steering’ can compromise the application state by sending a specially crafted PUT request that executes arbitrary SQL commands.


In June 2018, Apache Traffic Control, an open-source Content Delivery Network (CDN) implementation, was promoted to a top-level project by the ASF.

The vulnerability, discovered by Yuan Luo, a researcher at Tencent YunDing Security Lab, has been patched in Apache Traffic Control version 8.0.2. The patch follows ASF’s recent fix for a major Apache Tomcat vulnerability (CVE-2024-56337), which may lead to remote code execution under certain conditions, and the fix for an authentication bypass vulnerability in Apache HugeGraph-Server (CVE-2024-43441).

At Bluefire Redteam, we are committed to staying ahead of emerging security threats, ensuring your systems remain secure. We recommend that all users promptly update their Apache Traffic Control instances to the latest version to protect against potential exploitation.

With Bluefire Redteam’s expert guidance, your organization can confidently navigate the evolving cybersecurity landscape. Stay proactive, stay secure.
