Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
18 Apr 2022, 16:13
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8@%3Ccommits.trafficcontrol.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (CONFIRM) https://support.f5.com/csp/article/K84141859?utm_source=f5support&utm_medium=RSS - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc8bfd7d4f71d61e9193efcd4699eccbab3c202ec1d75ed9d502f08bf@%3Ccommits.trafficcontrol.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (CONFIRM) https://support.f5.com/csp/article/K84141859 - Third Party Advisory |
12 Oct 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jun 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-09-09 17:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-12405
Mitre link : CVE-2019-12405
CVE.ORG link : CVE-2019-12405
JSON object : View
Products Affected
apache
- traffic_control
CWE
CWE-287
Improper Authentication