Back to search
CVE-2020-17522
Published: Jan 26, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture.
| Vendor | Product | Versions |
|---|---|---|
n/a | Apache Traffic Control | affected Traffic Control 3.0.0 to 3.1.0, 4.0.0 to 4.1.0 |
References
[trafficcontrol-commits] 20210616 [trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link
mailing-list
x_refsource_MLIST
[trafficcontrol-commits] 20211011 [trafficcontrol-website] 01/02: Add CVE-2021-42009
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now