Apache Traffic Control is a distributed and scalable content distribution solution from the Apache Foundation. Apache Traffic Control Traffic Ops is vulnerable to an input validation error, which is caused when an authenticated Apache Traffic Control Traffic Ops user with portal-level privileges can send a request with a specially crafted email that email is bound by the /deliveryservices/request Traffic Ops endpoint to send an email with arbitrary body text from the Traffic Ops server to an arbitrary email address. No details of the vulnerability are currently available.
CPE | Name | Operator | Version |
---|---|---|---|
Apache Traffic Control >=4.1.0, | lt | 5.1.3 |