About CVE-2022-23206 – Apache (Traffic Control) design weakness (6th Feb, 2022)

Preface: The traditional content distribution network (CDN) can no longer meet the specifications of 5G networks, which require high bandwidth, low latency and on-demand massive connections. The bottlenecks of a traditional CDN cannot cope with the rapid growth in video traffic, rate, and cost.

Background: Apache Traffic Server™ software is a fast, scalable and extensible HTTP/1.1 and HTTP/2 compliant caching proxy server. Traffic Control is a control plane for a CDN (Content Delivery Network).
In addition to being an HTTP proxy, Apache Traffic Server™ is also an HTTP cache. Traffic Server can cache any octet stream, although it currently supports only those octet streams delivered by the HTTP protocol. When such a stream is cached (along with the HTTP protocol headers) it is termed an object in the cache. Each object is identified by a globally unique value called a cache key.

Traffic Ops is the tool for administration (configuration and monitoring) of all components in a Traffic Control CDN. Traffic Portal uses the Traffic Ops API to manage servers, Cache Groups, Delivery Services, etc.

Vulnerability details: In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.

Weakness Enumeration: CWE-918: Server-Side Request Forgery (SSRF). For possible ways to trigger the specified vulnerability, please refer to the attached image.
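
A defensive sketch of the class of check that closes this kind of SSRF, written in Go because Traffic Ops is a Go service. It is an added example, not Traffic Ops code or the project's actual patch. It assumes the login request carries a client-supplied URL that the server then contacts; `checkTokenURL`, `allowedTokenHosts` and all sample URLs are hypothetical or constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// allowedTokenHosts: constructed allowlist; set by the operator, never by the request.
var allowedTokenHosts = map[string]bool{"idp.example.com": true}

// checkTokenURL (hypothetical helper) decides whether the server may make an
// outbound request to a URL supplied by the client during OAuth login.
func checkTokenURL(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable URL: %w", err)
	}
	if u.Scheme != "https" {
		return errors.New("scheme must be https")
	}
	if u.User != nil {
		return errors.New("userinfo is not allowed")
	}
	if p := u.Port(); p != "" && p != "443" {
		return errors.New("only port 443 is allowed")
	}
	host := strings.ToLower(u.Hostname())
	if net.ParseIP(host) != nil {
		return errors.New("IP literals are not allowed")
	}
	if !allowedTokenHosts[host] {
		return fmt.Errorf("host %q is not on the allowlist", host)
	}
	return nil
}

func main() {
	for _, raw := range []string{ // constructed inputs
		"https://idp.example.com/oauth/token",
		"https://idp.example.com:8443/oauth/token",
		"http://idp.example.com/oauth/token",
		"https://10.0.0.5:22/",
	} {
		fmt.Printf("%-45s -> %v\n", raw, checkTokenURL(raw))
	}
}
```

Because the allowlist pins both host and port, the response to a login attempt no longer reveals whether an arbitrary port on an arbitrary reachable host is open.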

Official announcement: https://lists.apache.org/thread/lsrd2mqj29vrvwsh8g0d560vvz8n126f
