7.2 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.7%
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
/login
www.openwall.com/lists/oss-security/2021/11/11/3
www.openwall.com/lists/oss-security/2021/11/11/4
www.openwall.com/lists/oss-security/2021/11/17/1
github.com/apache/trafficcontrol
nvd.nist.gov/vuln/detail/CVE-2021-43350
trafficcontrol.apache.org/security