Apache Traffic Control is a distributed and scalable content distribution solution from the Apache Foundation. An LDAP injection vulnerability exists in Apache Traffic Control, which stems from the fact that a user can send a request with a crafted username to any API version of the POST/login endpoint, which can be exploited by a remote attacker to inject unprocessed content into an LDAP filter.