CVE-2019-12405

Published: 09/09/2019 | Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 605
Vector (CVSS v2): AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.

Vulnerable Product

apache traffic control 3.0.0

apache traffic control 3.0.1

Mailing Lists

CVE-2019-12405: Apache Traffic Control LDAP-based authentication vulnerability

Severity: Critical

Vendor: The Apache Software Foundation

Versions affected:
Traffic Control 3.0.0
Traffic Control 3.0.1

Description: The Traffic Ops API component of the Apache Traffic Control project is vulnerable to improper authentication when LDAP is enabled Gi ...