An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
CPE | Name | Operator | Version |
---|---|---|---|
traffic_control | eq | 6.0.1 rc0 | |
traffic_control | ge | 6.0.0 | |
traffic_control | lt | 6.0.1 | |
traffic_control | eq | 5.1.4 rc0 | |
traffic_control | ge | 5.1.0 | |
traffic_control | lt | 5.1.4 |