An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2021-10-12T07:40:11
Updated: 2021-10-13T23:06:11
Reserved: 2021-10-05T00:00:00
Link: CVE-2021-42009
JSON object: View
NVD Information
Status : Modified
Published: 2021-10-12T08:15:06.920
Modified: 2023-11-07T03:39:05.567
Link: CVE-2021-42009
JSON object: View
Redhat Information
No data.
CWE