Product
apache traffic control
8 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-61581
CVE-2024-45387
CVE-2022-23206
CVE-2021-43350
CVE-2021-42009
CVE-2020-17522
CVE-2019-12405
CVE-2017-7670
<= 8.0.2
UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue aff
>= 8.0.0 and < 8.0.2
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "adm
< 5.1.6
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send
>= 5.1.0 and < 5.1.4
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login
>= 4.1.0 and < 5.1.3
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted
>= 3.0.0 and <= 3.1.0
When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those fil
all versions
Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic
<= 1.8.0
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service