b2b-daily
Home | IT | Cyber Security

Critical SQL Injection Flaw Patched in Apache Traffic Control Update

Avatar photo
by Tailor Jackson
December 26, 2024
Critical SQL Injection Flaw Patched in Apache Traffic Control Update

In a significant effort to address a critical security flaw, the Apache Software Foundation (ASF) has released a patch for a vulnerability in Apache Traffic Control, an open-source Content Delivery Network (CDN) project. This vulnerability, identified as CVE-2024-45387, has been assigned an alarming severity score of 9.9 out of 10 on the Common Vulnerability Scoring System (CVSS). The flaw allows a privileged user with roles such as ‘admin,’ ‘federation,’ ‘operations,’ ‘portal,’ or ‘steering’ to execute arbitrary SQL commands in the database through a specially crafted PUT request. The discovery was made by Yuan Luo from Tencent YunDing Security Lab, prompting a response from ASF to mitigate the risk.

In response to the identified threat, ASF promptly issued a patch included in the updated version 8.0.2 of Apache Traffic Control. The swift action was crucial to secure the framework against potential malicious exploitation. The nature of the flaw enables those with specific roles more control than intended, compromising the database’s integrity. Such a severe vulnerability underscores the importance of maintaining updated software systems and vigilant security practices within organizations relying on Apache Traffic Control for their content delivery needs. The update to version 8.0.2 is strongly advised for all users to safeguard their systems effectively.

Alongside the fix for Apache Traffic Control, ASF has recently addressed other critical security issues within its ecosystem. This includes an authentication bypass flaw in Apache HugeGraph-Server, identified as CVE-2024-43441 and resolved in version 1.5.0. Additionally, a remote code execution vulnerability found in Apache Tomcat, CVE-2024-56337, has been rectified. These updates reflect ASF’s ongoing commitment to enhancing the security and resilience of its software offerings.

Users are urged to swiftly upgrade their Apache Traffic Control installations to the latest version 8.0.2, ensure Apache HugeGraph-Server is updated to version 1.5.0, and verify their Apache Tomcat installations are current. The persistent emergence of security vulnerabilities highlights the necessity for continuous vigilance and timely software updates to protect against evolving cybersecurity threats. Proactive measures and attention to security advisories are essential in maintaining robust defenses against potential exploits.

Information Security

Explore more

Paypercut Raises €5 Million to Streamline CEE Payments
June 4, 2026

The financial architecture across Central and Eastern Europe has long remained a patchwork of disparate national systems, creating significant friction for businesses attempting to operate across multiple borders simultaneously. This logistical nightmare often results in delayed settlements, exorbitant conversion fees, and a general lack of transparency that stifles the growth of emerging digital enterprises in the region. Paypercut recently secured

Autonomous AI Agents Drive the Next Finance Transformation
June 4, 2026

The traditional boundaries of corporate accounting have dissolved as autonomous desktop agents transition from experimental pilot programs into the operational backbone of modern finance departments. In this current landscape, the reliance on manual data entry and static spreadsheet management has been replaced by sophisticated digital entities capable of executing complex tasks with minimal human intervention. Unlike the rigid robotic process

Is BitMine Using the MicroStrategy Playbook for Ethereum?
June 4, 2026

The sudden pivot of corporate treasury strategies toward high-yield digital assets has fundamentally redefined how institutional investors evaluate the intrinsic value of publicly traded mining firms during this current market cycle. While the historical precedent was set by firms focusing exclusively on Bitcoin, the emergence of Ethereum as a primary reserve asset signals a significant shift in the risk appetite

Which Accounting Software Is Best for Your Startup’s Growth?
June 4, 2026

The difference between a startup that achieves market dominance and one that fades into obscurity often comes down to the precision of its financial architecture and how clearly leadership understands cash flow dynamics. While a revolutionary product or a visionary marketing strategy can spark initial interest, the long-term viability of a venture is anchored in its ability to manage capital

Can Enterprise Security Keep Pace With Generative AI?
June 4, 2026

The global digital infrastructure is currently witnessing an unprecedented evolution as generative artificial intelligence transitions from a novelty into a core enterprise utility, yet this rapid adoption has simultaneously equipped cybercriminals with sophisticated tools that outpace traditional security measures. Organizations in 2026 find themselves at a critical juncture where the speed of deployment often exceeds the speed of defense, creating