Apache Traffic Control Traffic Router Regular Expression Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Traffic Router component of Apache Traffic Control, affecting all versions. The issue arises from inefficient regular expression processing: users with access to the management interface can introduce malicious patterns that make the service unavailable. Because Apache Traffic Control is a retired project, no fix will be released. Users are advised to seek alternatives or limit access to trusted individuals.
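With no fix coming, reviewing the regular expressions that operators have entered is a useful complement to restricting access. The following is an added example, not code from Apache Traffic Control or from this advisory: a heuristic that flags patterns in which a repeated group itself contains a repetition, one common source of inefficient matching. The function names and sample patterns are constructed, and how patterns are exported from a deployment is left as an assumption.

```python
import re

# "{m,}" has no upper bound, so it is treated like "*" and "+".
OPEN_BRACE = re.compile(r"\{\d*,\}")

def has_nested_unbounded(pattern):
    """True when an unbounded quantifier is applied to a group that already
    contains an unbounded quantifier, e.g. (x+)* or ((x+)y){2,}.
    Heuristic only: it can flag harmless patterns and it does not detect
    other costly shapes such as overlapping alternatives."""
    inside = [False]   # per open group: unbounded quantifier seen inside?
    closed = False     # True only for the token right after ")" of such a group
    i = 0
    while i < len(pattern):
        c = pattern[i]
        after_risky_group, closed = closed, False
        brace = OPEN_BRACE.match(pattern, i) if c == "{" else None
        if c == "\\":                    # escaped character, never a metacharacter
            i += 2
            continue
        if c == "[":                     # character class: skip to its closing "]"
            i += 1
            if pattern[i:i + 1] == "^":
                i += 1
            if pattern[i:i + 1] == "]":  # a leading "]" is a literal
                i += 1
            while i < len(pattern) and pattern[i] != "]":
                i += 2 if pattern[i] == "\\" else 1
            i += 1
            continue
        if c == "(":
            inside.append(False)
        elif c == ")" and len(inside) > 1:
            closed = inside.pop()
            inside[-1] = inside[-1] or closed   # the parent group inherits the flag
        elif c in "*+" or brace:
            if after_risky_group:
                return True
            inside[-1] = True
        i = brace.end() if brace else i + 1
    return False

def audit(patterns):
    """Return the patterns that should get a human review."""
    return [p for p in patterns if has_nested_unbounded(p)]

# Constructed sample patterns, not taken from any real deployment.
SAMPLE_PATTERNS = [r".*\.cdn-vod\..*",
                   r"^(img|video)[0-9]{1,3}\.example\.test$",
                   r"^([a-z0-9-]+)*\.example\.test$"]

if __name__ == "__main__":
    for p in audit(SAMPLE_PATTERNS):
        print("review:", p)
```
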

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing unavailability of the affected Apache Traffic Control instance.

Added: Oct 16, 2025, 9:17 AM
Updated: Oct 16, 2025, 3:52 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 5.4
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.