2024-12-28 02:05:28 Pacfic
Apache Patches Critical Vulnerabilities - 1d
The Apache Software Foundation has issued critical security updates to address three severe vulnerabilities found in MINA, HugeGraph-Server, and Traffic Control products. These flaws, if exploited, could allow attackers to compromise systems. The most critical bug affects the Traffic Control platform, a web content distribution system, where attackers with admin or operations roles can inject malicious SQL commands by manipulating input fields through PUT requests, potentially leading to data breaches and complete database compromise.
The vulnerability in Traffic Control, identified as CVE-2024-45387, has a severity score of 9.9 and requires immediate patching. The flaw could allow unauthorized access, modification, or deletion of data, severely impacting the integrity and availability of CDN services. Security experts emphasize the urgency of applying the patches due to the significant role these applications play in managing web content and data. Other vulnerabilities have also been addressed, including one in Apache MINA, with a critical score of 10 out of 10, which further highlights the severity of the situation.
ImgSrc: blogger.googleusercontent.com
References:
- The Hacker News - Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now - 2d
- CISO2CISO.COM - Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now – Source:thehackernews.com - 2d
- Osint10x - Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now - 2d
- Vulnerability Archives - CVE-2024-45387 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Apache Traffic Control - 2d
- ciso2ciso.com - Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now – Source:thehackernews.com - 2d
- osint10x.com - Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now - 1d
- securityonline.info - CVE-2024-45387 (CVSS 9.9): Critical SQL Injection Vulnerability Found in Apache Traffic Control - 1d
- @jos1264 - Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now – Source:thehackernews.com - 1d
- CISO2CISO.COM - Apache fixed a critical SQL Injection in Apache Traffic Control – Source: securityaffairs.com - 1d
- Security Archives - Apache fixed a critical SQL Injection in Apache Traffic Control - 1d
- @jos1264 - Apache fixed a critical SQL Injection in Apache Traffic Control – Source: securityaffairs.com - 1d
- Malware Analysis, News and Indicators - Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic Control. - 1d
- SCM feed for Security Strategy, Plan, Budget - Apache fixes Traffic Control bug that attackers could exploit - 1d
- @BleepingComputer - The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. - 1d
- www.bleepingcomputer.com - Apache warns of critical flaws in MINA, HugeGraph, Traffic Control - 22h
Classification:
- HashTags: Apache Vulnerabilities SecurityPatch
- Company: Apache
- Target: Apache Users
- Product: MINA, HugeGraph-Server, Traffic Control
- Feature: Traffic Control bug
- Type: Vulnerability
- Severity: Major