Rewterz Threat Alert – Ursnif Banking Trojan – IOC’s
January 25, 2021Rewterz Threat Advisory – Linux Kernel denial of service
January 26, 2021Rewterz Threat Alert – Ursnif Banking Trojan – IOC’s
January 25, 2021Rewterz Threat Advisory – Linux Kernel denial of service
January 26, 2021Severity
Medium
Analysis Summary
CVE-2020-17522
Apache Traffic Control could allow a remote attacker to bypass security restrictions, caused by improper permission assignment when generating ip_allow.config. By sending a specially-crafted request, an attacker could exploit this vulnerability to push arbitrary content into and remove arbitrary content from CDN cache servers.
Impact
Security bypass
Affected Vendors
Apache
Affected Products
- Apache Traffic Control 3.0.0
- Apache Traffic Control 3.1.0
- Apache Traffic Control 4.0.0
- Apache Traffic Control 4.1.0
Remediation
Upgrade to the latest version of Traffic Control (4.1.1, 5.0.0 or later)