Security Flaw in Apache Traffic Control Allows Unauthorized Access to CDN Cache Content
CVE-2020-17522

5.8MEDIUM

Key Information:

Vendor

Apache
Status
Apache Traffic Control
Vendor
CVE Published:
26 January 2021

What is CVE-2020-17522?

A security flaw exists in Apache Traffic Control that affects versions 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0. The vulnerability occurs when the ip_allow.config files are generated, enabling improper permissions that may allow malicious users to manipulate CDN cache servers. This can permit unauthorized addition or removal of content, and in certain situations, clients with external IP addresses may access permissions that extend beyond the intended network, raising significant security concerns for content delivery and data integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Traffic Control Traffic Control 3.0.0 to 3.1.0, 4.0.0 to 4.1.0

References

https://lists.apache.org/thread.html/r3de212a3da73bcf98fa...
x_refsource_MISC
https://lists.apache.org/thread.html/r3c675031ac220b5eae6...
mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc8bfd7d4f71d61e9193...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
5.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.