thehackernews.com
2606:4700:20::681a:a75  Public Scan

Submitted URL: https://click.email.sans.org/?qs=1418d39e0b0f368d72016ba1a5fc7f2287c8b3654cff9e7aac9e6066b13ee0103cf2e3431fbee9a057ee277001f1...
Effective URL: https://thehackernews.com/2024/12/critical-sql-injection-vulnerability-in.html?is=cee05d55bf932969ae2e52388846c3ab9dc2f4ee...
Submission: On January 04 via api from AE — Scanned from AU

Form analysis 2 forms found in the DOM

GET https://www.google.com/cse

<form action="https://www.google.com/cse" id="searchform" method="get"><input autocomplete="off" id="s" name="q" placeholder="Search Here..." type="text">
  <input name="cx" type="hidden" value="partner-pub-7983783048239650:3179771210">
</form>

Name: f1

POST https://inl02.netline.com/rssnews0001/

<form action="https://inl02.netline.com/rssnews0001/" class="clear cf" id="subform" method="post" name="f1" target="_blank">
  <div class="email-box-h3">Get Latest News in Your Inbox</div>
  <p>Get the latest news, expert insights, exclusive resources, and strategies from industry leaders – all for free.</p>
  <div class="email-input">
    <input name="_submit" type="hidden" value="0001">
    <input id="brand" name="brand" type="hidden" value="thehackernews">
    <div class="e-book"><input checked="yes" id="opt_001" name="opt_001" type="checkbox" value="Y"><input checked="yes" id="opt_003" name="opt_003" type="checkbox" value="Y"></div><label class="visuallyhidden" for="input-email">Email</label><input
      class="text" id="input-email" name="email" placeholder="Your e-mail address" required="" type="email">
    <button aria-label="Subscribe" id="submitform" type="submit" value="Subscribe"></button>
  </div>
</form>

Text Content


CRITICAL SQL INJECTION VULNERABILITY IN APACHE TRAFFIC CONTROL RATED 9.9 CVSS —
PATCH NOW

Dec 25, 2024Ravie LakshmananServer Security / Vulnerability

The Apache Software Foundation (ASF) has shipped security updates to address a
critical security flaw in Traffic Control that, if successfully exploited, could
allow an attacker to execute arbitrary Structured Query Language (SQL) commands
in the database.

The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of
10.0 on the CVSS scoring system.

"An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <=
8.0.1, >= 8.0.0 allows a privileged user with role 'admin,' 'federation,'
'operations,' 'portal,' or 'steering' to execute arbitrary SQL against the
database by sending a specially-crafted PUT request," project maintainers said
in an advisory.

Apache Traffic Control is an open-source implementation of a Content Delivery
Network (CDN). It was announced as a top-level project (TLP) by the ASF in June
2018.



Tencent YunDing Security Lab researcher Yuan Luo has been credited with
discovering and reporting the vulnerability. It has been patched in Apache
Traffic Control version 8.0.2.

The development comes as the ASF has resolved an authentication bypass flaw in
Apache HugeGraph-Server (CVE-2024-43441) that affects versions 1.0 through 1.3.
A fix for the shortcoming has been released in version 1.5.0.

It also follows the release of a patch for an important vulnerability in Apache
Tomcat (CVE-2024-56337) that could result in remote code execution (RCE) under
certain conditions.

Users are advised to update their instances to the latest versions of the
software to protect against potential threats.



© The Hacker News, 2024. All Rights Reserved.