CVE-2021-43350

Published: 11/11/2021 Updated: 25/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
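
The class of bug the summary describes, shown as an added Go example that is not Traffic Ops code and not taken from the advisory: a login value pasted into an LDAP filter verbatim, next to the same filter built with RFC 4515 escaping. The attribute name `uid`, the helper names and the sample usernames are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue encodes the characters RFC 4515 reserves inside a filter
// assertion value (NUL, '(', ')', '*', '\') as a backslash plus two hex digits.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case 0, '(', ')', '*', '\\':
			fmt.Fprintf(&b, `\%02x`, c)
		default:
			b.WriteByte(c) // UTF-8 bytes pass through unchanged
		}
	}
	return b.String()
}

// unsafeFilter is the vulnerable pattern: the value is pasted in verbatim.
func unsafeFilter(attr, username string) string {
	return "(" + attr + "=" + username + ")"
}

// safeFilter escapes the value first; attr must come from config, not input.
func safeFilter(attr, username string) string {
	return "(" + attr + "=" + escapeFilterValue(username) + ")"
}

// filterItems counts structural '(' in a filter; escaped ones appear as \28.
func filterItems(filter string) int {
	return strings.Count(filter, "(")
}

func main() {
	// Constructed sample usernames, not taken from the advisory.
	for _, u := range []string{"alice", "a*", "x)(cn=*"} {
		bad, good := unsafeFilter("uid", u), safeFilter("uid", u)
		fmt.Printf("%-10q unsafe=%s (items=%d)  safe=%s (items=%d)\n",
			u, bad, filterItems(bad), good, filterItems(good))
	}
}
```

With escaping, every sample username yields a filter with exactly one item, so the submitted value can only ever be compared as data.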

Vulnerable Product

apache traffic control 6.0.1

apache traffic control

apache traffic control 5.1.4

Mailing Lists

Severity: critical
Description: An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
Credit: This issue was discovered by Apache Traffic Control user pupiles
References: traffi ...
CORRECTION: This issue was discovered by Apache Traffic Control user zhouxufeng () bytedance com On Thu, 2021-11-11 at 20:45 +0000, Zach Hoffman wrote: ...
Mitigation: 6.0.x users should upgrade to 6.0.1. 5.1.x users should upgrade to 5.1.4. ...