CVE-2021-43350 - OpenCVE

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Traffic Control

Configuration 1 [-]

OR	cpe:2.3:a:apache:traffic_control::::::::
	cpe:2.3:a:apache:traffic_control::::::::
	cpe:2.3:a:apache:traffic_control:5.1.4:rc0::::::
	cpe:2.3:a:apache:traffic_control:6.0.1:rc0::::::

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/11/11/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/11/11/4	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/11/17/1	Mailing List Third Party Advisory
https://trafficcontrol.apache.org/security/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2021-11-11T13:00:15

Updated: 2021-11-17T12:06:08

Reserved: 2021-11-03T00:00:00

Link: CVE-2021-43350

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-11-11T13:15:07.737

Modified: 2022-07-25T10:53:28.707

Link: CVE-2021-43350

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Apache Traffic Control", "vendor": "Apache Software Foundation", "versions": [{"changes": [{"at": "5.1.4", "status": "unaffected"}], "lessThan": "6.0.1", "status": "affected", "version": "Traffic Ops", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered by Apache Traffic Control user pupiles."}], "descriptions": [{"lang": "en", "value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter."}], "metrics": [{"other": {"content": {"other": "critical"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-90", "description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-17T12:06:08", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://trafficcontrol.apache.org/security/"}, {"name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"}, {"name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"}, {"name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"}], "source": {"discovery": "UNKNOWN"}, "title": "LDAP filter injection vulnerability in Traffic Ops", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-43350", "STATE": "PUBLIC", "TITLE": "LDAP filter injection vulnerability in Traffic Ops"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Traffic Control", "version": {"version_data": [{"version_affected": "<", "version_name": "Traffic Ops", "version_value": "6.0.1"}, {"version_affected": "<", "version_name": "Traffic Ops", "version_value": "5.1.4"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "This issue was discovered by Apache Traffic Control user pupiles."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "critical"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')"}]}]}, "references": {"reference_data": [{"name": "https://trafficcontrol.apache.org/security/", "refsource": "MISC", "url": "https://trafficcontrol.apache.org/security/"}, {"name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"}, {"name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"}, {"name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-43350", "datePublished": "2021-11-11T13:00:15", "dateReserved": "2021-11-03T00:00:00", "dateUpdated": "2021-11-17T12:06:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DC71D2A-2301-4ACA-B811-5CB9F129CAF0", "versionEndExcluding": "5.1.4", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BE19866-63CF-4912-9EF8-6C8C20AB8A56", "versionEndExcluding": "6.0.1", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_control:5.1.4:rc0:*:*:*:*:*:*", "matchCriteriaId": "66E461F0-D618-4EF2-80FE-082998F4D72D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_control:6.0.1:rc0:*:*:*:*:*:*", "matchCriteriaId": "E6052558-0FDC-4DC7-A024-0EE1F32B0F66", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter."}, {"lang": "es", "value": "Un usuario no autenticado de Apache Traffic Control Traffic Ops puede enviar una petici\u00f3n con un nombre de usuario especialmente dise\u00f1ado al endpoint POST /login de cualquier versi\u00f3n de la API para inyectar contenido no desinfectado en el filtro LDAP"}], "id": "CVE-2021-43350", "lastModified": "2022-07-25T10:53:28.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-11T13:15:07.737", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://trafficcontrol.apache.org/security/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-90"}], "source": "security@apache.org", "type": "Secondary"}]}