CVE-2022-23206
Published: Feb 6, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Traffic Control | affected Traffic Ops - < 6.1.0 |
Weaknesses (CWE)
References
https://lists.apache.org/thread/lsrd2mqj29vrvwsh8g0d560vvz8n126f
x_refsource_MISC