Описание
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
- Mailing ListPatchVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListVendor Advisory
- Mailing ListPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.1.0 (включая) до 5.1.3 (исключая)
cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00652
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-20
CWE-20
Связанные уязвимости
EPSS
Процентиль: 70%
0.00652
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-20
CWE-20