CVE-2019-12405

Summary

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.

Affected Software

VendorProductVersion RangeStatus
ApacheTraffic Control3.0.0 and 3.0.1affected

Weaknesses

  • Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References