#VU58115 LDAP injection in Apache Traffic Control
Vulnerability identifier: #VU58115
Vulnerability risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-90
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Apache Traffic Control
Server applications /
IDS/IPS systems, Firewalls and proxy servers
Vendor: Apache Foundation
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper input validation when processing usernames in Apache Traffic Control Traffic Ops. A remote non-authenticated attacker can send a specially crafted POST request to the /login endpoint of any API version and inject arbitrary content into LDAP filter.
Successful exploitation of the vulnerability may allow an attacker to bypass authentication process and gain unauthorized access to the application.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apache Traffic Control: 5.0.0 - 6.0.0
External links
http://trafficcontrol.apache.org/security/
http://www.openwall.com/lists/oss-security/2021/11/11/4
http://www.openwall.com/lists/oss-security/2021/11/11/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
