CVE-2021-43350

Summary

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Traffic ControlTraffic Ops < 6.0.1affected

Weaknesses

  • CWE-90: CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

ADP Enrichment

CVE Program Container

Additional References

References