SQL Injection Vulnerability in Apache Traffic Control
CVE-2024-45387
Key Information:
- Vendor
- Apache
- Status
- Vendor
- CVE Published:
- 23 December 2024
Badges
What is CVE-2024-45387?
CVE-2024-45387 is a critical SQL injection vulnerability discovered in the Apache Traffic Control application, specifically within the Traffic Ops component. This vulnerability affects versions equal to or lower than 8.0.1 and allows privileged usersāthose with admin, federation, operations, portal, or steering rolesāto execute arbitrary SQL commands against the database through crafted PUT requests. If exploited, this vulnerability can lead to unauthorized database access and manipulation, significantly endangering an organizationās data integrity and security posture.
Technical Details
The vulnerability arises from improper handling of input in Apache Traffic Controlās Traffic Ops, permitting a malicious privileged user to execute SQL commands outside of the intended usage context. This SQL injection could be triggered via specially formatted requests, enabling attackers to potentially extract sensitive data, alter database tables, or conduct other harmful database operations. Users of affected versions are advised to upgrade to Apache Traffic Control 8.0.2 to remediate this security issue.
Potential impact of CVE-2024-45387
-
Data Breach: The ability to execute arbitrary SQL queries can lead to unauthorized access to sensitive information stored in the database, resulting in data breaches that could expose personally identifiable information (PII) and other confidential data.
-
Database Manipulation: Attackers could exploit this vulnerability to modify or delete critical data within the database. Such actions can disrupt business operations, corrupt data integrity, and lead to significant downtime.
-
Cascade of Attacks: Once an attacker gains access through compromised privileged accounts, they can leverage the access to escalate privileges further or pivot to different systems within the organization's network, leading to more extensive security incidents.
Affected Version(s)
Apache Traffic Control 8.0.0 <= 8.0.1
Apache Traffic Control 7.0.0 < 8.0.0
Get notified when SecurityVulnerability.io launches alerting š
Well keep you posted š§
News Articles
TheCyberThrone Security Weekly Review ā January 04, 2025
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 04, 2025. CVE-2024-56512 impacts Apache NiFi CVE-2024-56512 is a security vulnerability identified in Apache NiFi, specifically affec...

Exploit Code released for Apache Traffic Control Flaw CVE-2024-45387
What is CVE-2024-45387? CVE-2024-45387 is a critical vulnerability identified in Apache Traffic Control, specifically affecting the Traffic Ops module in versions 8.0.0 to 8.0.1. The nature of this vulnerability is an SQL injection flaw, which allows an attacker to inject and execute arbitrary SQL c...
Apache fixed a critical SQL Injection in Apache Traffic Control
Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked asĀ CVE-2024-45387, in Apache Traffic Control.
References
EPSS Score
14% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- š
Vulnerability started trending
- š°
Used in Ransomware
- š¾
Exploit known to exist
- š°
First article discovered by Cyber Security News
Vulnerability published
Vulnerability Reserved