An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/11/11/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/11/11/4 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/11/17/1 | Mailing List Third Party Advisory |
https://trafficcontrol.apache.org/security/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2021-11-11T13:00:15
Updated: 2021-11-17T12:06:08
Reserved: 2021-11-03T00:00:00
Link: CVE-2021-43350
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-11T13:15:07.737
Modified: 2022-07-25T10:53:28.707
Link: CVE-2021-43350
JSON object: View
Redhat Information
No data.