CVE-2024-45387
published 2024-12-23

Priority: P271
Severity: high
CVSS 3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 41.84% (98.5th percentile)

An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops.

Affected (3 ranges)

Vendor | Product | Version range | Fixed in
------ | ------- | ------------- | --------
apache | traffic_control | >= 8.0.0 < 8.0.2 | 8.0.2
apache_software_foundation | apache_traffic_control | 8.0.0 – 8.0.1 |
github.com | apache_trafficcontrol_v8 | >= 8.0.0 < 8.0.2 | 8.0.2

Detection & IOCs

Other: PUT request with crafted SQL payload to Traffic Ops
  • Check Point IPS signature available for this CVE: 'Apache Traffic Control SQL Injection (CVE-2024-45387)'
  • Detect specially crafted HTTP PUT requests targeting Traffic Ops endpoints in Apache Traffic Control versions 8.0.0–8.0.1; SQL injection payloads delivered via PUT request body
  • Monitor for privileged Traffic Ops user roles ('admin', 'federation', 'operations', 'portal', 'steering') issuing anomalous PUT requests that may contain SQL metacharacters or injection patterns
  • Vulnerability only affects Apache Traffic Control (Traffic Ops) versions 8.0.0 and 8.0.1; versions 7.x and below are NOT impacted
  • Exploitation requires a privileged authenticated user account; not exploitable by unauthenticated or low-privileged users