| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> |
| <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> |
| <title>Apache Traffic Control Releases</title> |
| |
| <!-- Bootstrap --> |
| <link rel="stylesheet" |
| href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css" |
| integrity="sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4" |
| crossorigin="anonymous"> |
| <script defer src="https://use.fontawesome.com/releases/v5.0.10/js/all.js" |
| integrity="sha384-slN8GvtUJGnv6ca26v8EzVaR9DC58QEwsIk9q1QXdCU8Yu8ck/tL/5szYlBbqmS+" |
| crossorigin="anonymous"></script> |
| <link rel="icon" type="image/png" href="/resources/tc_logo_c_only.png"> |
| |
| </head> |
| <body> |
| <nav class="navbar navbar-expand-lg navbar-dark bg-dark"> |
| <a class="navbar-brand" href="/"> |
| <img id="fluo-img" height="40px" src="/resources/tc_logo_c_only.png" alt="Apache Traffic Control"> |
| </a> |
| <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" |
| aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> |
| <span class="navbar-toggler-icon"></span> |
| </button> |
| |
| <div class="collapse navbar-collapse" id="navbarSupportedContent"> |
| <ul class="navbar-nav mr-auto"> |
| <li class="nav-item"> |
| <a class="nav-link" href="/">Home</a> |
| </li> |
| <li class="nav-item"> |
| <a class="nav-link" href="/releases/">Releases</a> |
| </li> |
| <li class="nav-item"> |
| <a class="nav-link" href="https://traffic-control-cdn.readthedocs.io/en/latest/index.html">Docs</a> |
| </li> |
| <li class="nav-item"> |
| <a class="nav-link" href="https://traffic-control-cdn.readthedocs.io/en/latest/api/index.html">API</a> |
| </li> |
| <li class="nav-item"> |
| <a class="nav-link" href="https://github.com/apache/trafficcontrol/issues">Issues</a> |
| </li> |
| <li class="nav-item"> |
| <a class="nav-link" href="https://github.com/apache/trafficcontrol">Repo</a> |
| </li> |
| <li class="nav-item active"> |
| <a class="nav-link" href="#">Security<span class="sr-only">(current)</span></a> |
| </li> |
| <li class="nav-item dropdown"> |
| <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" |
| aria-haspopup="true" aria-expanded="false"> |
| Community |
| </a> |
| <div class="dropdown-menu" aria-labelledby="navbarDropdown"> |
| <a class="dropdown-item" href="https://s.apache.org/tc-slack-request" target="_blank"><code>#traffic-control</code> on the ASF Slack</a> |
| <a class="dropdown-item" |
| href="https://github.com/apache/trafficcontrol/blob/master/CONTRIBUTING.md">Contributing</a> |
| <a class="dropdown-item" href="/mailing_lists/">Mailing Lists</a> |
| <a class="dropdown-item" href="https://github.com/apache/trafficcontrol/wiki/">Wiki</a> |
| <a class="dropdown-item" href="https://www.youtube.com/channel/UC2zEj6sERinzx8w8uvyRBYg">YouTube</a> |
| <a class="dropdown-item" href="https://twitter.com/trafficctrlcdn">Twitter</a> |
| </div> |
| </li> |
| <li class="nav-item"> |
| <a href="/events/" class="nav-link">Events</a> |
| </li> |
| </ul> |
| |
| <ul class="navbar-nav navbar-right"> |
| |
| <li class="nav-item dropdown"> |
| <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" |
| aria-haspopup="true" aria-expanded="false"> |
| Apache Software Foundation<span class="caret"></span> |
| </a> |
| <div class="dropdown-menu" aria-labelledby="navbarDropdown"> |
| <a class="dropdown-item" href="https://www.apache.org">Apache Homepage</a> |
| <a class="dropdown-item" href="https://www.apache.org/licenses/">License</a> |
| <a class="dropdown-item" href="https://www.apache.org/events/current-event">Events</a> |
| <a class="dropdown-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a> |
| <a class="dropdown-item" href="https://www.apache.org/security">ASF Security</a> |
| <a class="dropdown-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a> |
| <a class="dropdown-item" href="https://www.apache.org/foundation/policies/conduct">Code of |
| Conduct</a> |
| </div> |
| </li> |
| </ul> |
| </div> |
| </nav> |
| |
| <div class="container"> |
| |
| <h1>Apache Traffic Control - Security Updates</h1> |
| |
| <div class="row"> |
| <div class="col-sm-12"> |
| <div class="card-deck"> |
| <div class="card"> |
| <div class="card-body"> |
| <h4 class="card-title">Past Vulnerabilities</h4> |
| <ul> |
| <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23206">CVE-2022-23206: Apache Traffic Control: Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth</a></li> |
| <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43350">CVE-2021-43350: Apache Traffic |
| Control: LDAP filter injection vulnerability in Traffic Ops</a></li> |
| <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42009">CVE-2021-42009: Apache Traffic |
| Control Email Injection Vulnerability</a></li> |
| <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17522">CVE-2020-17522: Apache Traffic |
| Control Mid Tier Cache Manipulation Attack</a></li> |
| <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12405">CVE-2019-12405: Apache Traffic |
| Control LDAP-based authentication vulnerability</a></li> |
| <li><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7670">CVE-2017-7670: Apache Traffic |
| Control Traffic Router Slowloris Denial of Service Vulnerability</a></li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </div> |
| </div> |
| |
| <br/><br/> |
| <h2>Reporting Vulnerabilities</h2> |
| <p>Please use our private security mailing list, <a href="mailto:security@trafficcontrol.apache.org">security@trafficcontrol.apache.org</a>, |
| to disclose any new vulnerability. Disclosing vulnerabilities privately will allow our project team to analyze |
| the report, identify a fix, and begin the full disclosure process. Please include all relevant information to |
| reproduce the issue, and any known workaround or fix.</p> |
| |
| |
| <!-- Start Footer --> |
| <div class="row"> |
| <div class="col-sm-12 center-block"> |
| <footer> |
| <hr/> |
| <p> |
| <a href="https://www.apache.org/foundation/contributing"> |
| <img src="https://www.apache.org/images/SupportApache-small.png" |
| id="asf-logo" |
| height="100" |
| alt="Apache" |
| class="float-left" |
| style="margin-right: 15px;"></a> |
| |
| Copyright © 2021 <a |
| href="https://www.apache.org">The Apache Software Foundation</a>. |
| Licensed under the <a href="https://www.apache.org/licenses/">Apache License, Version 2.0</a> |
| </p> |
| <p> |
| Apache®, the names of Apache projects and their logos, and the multicolor feather |
| logo are registered trademarks or trademarks of The Apache Software Foundation |
| in the United States and/or other countries. |
| </p> |
| </footer> |
| </div> |
| </div> |
| </div> |
| |
| <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" |
| integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" |
| crossorigin="anonymous"></script> |
| <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.0/umd/popper.min.js" |
| integrity="sha384-cs/chFZiN24E4KMATLdqdvsezGxaGsi4hLGOzlXwp5UZB1LY//20VyM2taTB4QvJ" |
| crossorigin="anonymous"></script> |
| <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js" |
| integrity="sha384-uefMccjFJAIv6A+rW+L4AHf99KvxDjWSu1z9VI8SKNVmz4sk7buKt/6v9KI65qnm" |
| crossorigin="anonymous"></script> |
| </body> |
| </html> |