CVE-2021-43350 - OpenCVE

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Traffic Control

Configuration 1 [-]

OR	cpe:2.3:a:apache:traffic_control::::::::
	cpe:2.3:a:apache:traffic_control::::::::
	cpe:2.3:a:apache:traffic_control:5.1.4:rc0::::::
	cpe:2.3:a:apache:traffic_control:6.0.1:rc0::::::

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2021/11/11/3
http://www.openwall.com/lists/oss-security/2021/11/11/4
http://www.openwall.com/lists/oss-security/2021/11/17/1
https://trafficcontrol.apache.org/security/

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-11-11T13:00:15

Updated: 2024-08-04T03:55:28.477Z

Reserved: 2021-11-03T00:00:00

Link: CVE-2021-43350

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-11-11T13:15:07.737

Modified: 2022-07-25T10:53:28.707

Link: CVE-2021-43350

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache Traffic Control", "vendor": "Apache Software Foundation", "versions": [{"changes": [{"at": "5.1.4", "status": "unaffected"}], "lessThan": "6.0.1", "status": "affected", "version": "Traffic Ops", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue was discovered by Apache Traffic Control user pupiles."}], "descriptions": [{"lang": "en", "value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter."}], "metrics": [{"other": {"content": {"other": "critical"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-90", "description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-17T12:06:08", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://trafficcontrol.apache.org/security/"}, {"name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"}, {"name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"}, {"name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"}], "source": {"discovery": "UNKNOWN"}, "title": "LDAP filter injection vulnerability in Traffic Ops", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-43350", "STATE": "PUBLIC", "TITLE": "LDAP filter injection vulnerability in Traffic Ops"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Traffic Control", "version": {"version_data": [{"version_affected": "<", "version_name": "Traffic Ops", "version_value": "6.0.1"}, {"version_affected": "<", "version_name": "Traffic Ops", "version_value": "5.1.4"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "This issue was discovered by Apache Traffic Control user pupiles."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "critical"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')"}]}]}, "references": {"reference_data": [{"name": "https://trafficcontrol.apache.org/security/", "refsource": "MISC", "url": "https://trafficcontrol.apache.org/security/"}, {"name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"}, {"name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"}, {"name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:55:28.477Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://trafficcontrol.apache.org/security/"}, {"name": "[oss-security] 20211111 CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"}, {"name": "[oss-security] 20211111 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"}, {"name": "[oss-security] 20211116 Re: CVE-2021-43350: Apache Traffic Control: LDAP filter injection vulnerability in Traffic Ops", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-43350", "datePublished": "2021-11-11T13:00:15", "dateReserved": "2021-11-03T00:00:00", "dateUpdated": "2024-08-04T03:55:28.477Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DC71D2A-2301-4ACA-B811-5CB9F129CAF0", "versionEndExcluding": "5.1.4", "versionStartIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_control:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BE19866-63CF-4912-9EF8-6C8C20AB8A56", "versionEndExcluding": "6.0.1", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_control:5.1.4:rc0:*:*:*:*:*:*", "matchCriteriaId": "66E461F0-D618-4EF2-80FE-082998F4D72D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:traffic_control:6.0.1:rc0:*:*:*:*:*:*", "matchCriteriaId": "E6052558-0FDC-4DC7-A024-0EE1F32B0F66", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter."}, {"lang": "es", "value": "Un usuario no autenticado de Apache Traffic Control Traffic Ops puede enviar una petici\u00f3n con un nombre de usuario especialmente dise\u00f1ado al endpoint POST /login de cualquier versi\u00f3n de la API para inyectar contenido no desinfectado en el filtro LDAP"}], "id": "CVE-2021-43350", "lastModified": "2022-07-25T10:53:28.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-11-11T13:15:07.737", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/3"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/11/11/4"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/11/17/1"}, {"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://trafficcontrol.apache.org/security/"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-90"}], "source": "security@apache.org", "type": "Secondary"}]}