LDAP injection in Apache Traffic Control



Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-43350
CWE-ID CWE-90
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Apache Traffic Control
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor Apache Foundation

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) LDAP injection

EUVDB-ID: #VU58115

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2021-43350

CWE-ID: CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper input validation when processing usernames in Apache Traffic Control Traffic Ops. A remote non-authenticated attacker can send a specially crafted POST request to the /login endpoint of any API version and inject arbitrary content into LDAP filter. 

Successful exploitation of the vulnerability may allow an attacker to bypass authentication process and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Apache Traffic Control: 5.0.0 - 6.0.0

CPE2.3 External links

https://trafficcontrol.apache.org/security/
https://www.openwall.com/lists/oss-security/2021/11/11/4
https://www.openwall.com/lists/oss-security/2021/11/11/3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###