Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Traffic Control
APPApache3.0.03.0.1
Powiązane podatności
SQL injection w Apache Traffic Control — eskalacja uprawnień przez Traffic Ops
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted usernam...
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Cont...
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops ...
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris sty...