CVE-2021-42009— Apache Traffic Control Traffic Ops Email Injection Vulnerability

Apache Traffic Control Traffic Ops Email Injection Vulnerability

An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.

N/A

输入验证不恰当

Apache Traffic Control 输入验证错误漏洞

Apache Traffic Control是美国阿帕奇（Apache）基金会的一套分布式、可扩展的内容分发解决方案。该产品主要用于构建大规模内容分发网络。 Apache Traffic Control Traffic Ops存在输入验证错误漏洞，该漏洞源于具有门户级别权限的经过身份验证的 Apache Traffic Control Traffic Ops 用户可以发送带有特制电子邮件的请求，该电子邮件受 /deliveryservices/request Traffic Ops 端点的约束，以从 Tr

N/A

N/A