List: oss-security
Subject: [oss-security] Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Tr
From: Zach Hoffman <zrhoffman () apache ! org>
Date: 2021-11-16 20:51:52
Message-ID: 3ba4a13789030965b7bf6aa7258cfd830db1d63c.camel () apache ! org
CORRECTION:
This issue was discovered by Apache Traffic Control user zhouxufeng@bytedance.com.
On Thu, 2021-11-11 at 20:45 +0000, Zach Hoffman wrote:
> Severity: critical
>
> Description:
>
> An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a
> specially-crafted username to the POST /login endpoint of any API version to inject
> unsanitized content into the LDAP filter.
>
> Credit:
>
> This issue was discovered by Apache Traffic Control user pupiles.
>
> References:
>
> https://trafficcontrol.apache.org/security/
>
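
The advisory above describes a username that reaches an LDAP search filter unsanitized. The following Go code is an added example, not part of the original message and not Apache Traffic Control's code: it escapes a filter value as RFC 4515 requires and builds a login filter with and without that step. The function names, the `uid` attribute and the sample username are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue encodes v for use as an assertion value in an LDAP
// search filter (RFC 4515, section 3): NUL, '(', ')', '*' and '\' are
// each replaced by a backslash followed by two hex digits.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case 0x00, '(', ')', '*', '\\':
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c) // other bytes, including UTF-8 sequences, pass through
		}
	}
	return b.String()
}

// unsafeLoginFilter shows the flawed pattern: the username reaches the
// filter unchanged, so its metacharacters become filter syntax.
func unsafeLoginFilter(attr, username string) string {
	return "(" + attr + "=" + username + ")"
}

// safeLoginFilter escapes the username first, so the filter always
// consists of exactly one (attr=value) item.
func safeLoginFilter(attr, username string) string {
	return "(" + attr + "=" + escapeFilterValue(username) + ")"
}

func main() {
	// Constructed sample input; "uid" is an assumed attribute name.
	name := `jdoe*)(\`
	fmt.Println("unsafe:", unsafeLoginFilter("uid", name))
	fmt.Println("safe:  ", safeLoginFilter("uid", name))
}
```

With the escaped form, the only literal parentheses in the filter are the two written by the application.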