Apache · Apache Traffic Control Traffic Ops · CVE-2021-43350
**Name of the Vulnerable Software and Affected Versions**
Apache Traffic Control Traffic Ops (the affected version range is not listed on this page; consult the Apache Traffic Control security advisory for CVE-2021-43350 for the exact releases)
**Description**
The issue is an LDAP filter injection (CWE-90): Traffic Ops does not neutralize LDAP filter metacharacters in the username before building the search filter used for LDAP-backed logins. An unauthenticated user can exploit this by sending a request with a specially-crafted username to the `POST /login` endpoint of any API version, injecting unsanitized content into the LDAP filter. Characters such as `*`, `(`, `)` and `\` in the username then change the structure of the filter rather than being matched literally, so a lookup intended for one account can be turned into one that matches other directory entries. The impact is manipulation of the LDAP query (the usual routes being authentication as another LDAP-backed account or enumeration of directory entries), not execution of operating-system commands on the Traffic Ops host.
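The following Go program is an added illustration of the defect class described above; it is not Traffic Ops code, and the filter template `(&(objectClass=person)(uid=...))` and the payload are assumptions chosen for the demonstration. It builds the login filter once by interpolating the username verbatim and once after escaping it as RFC 4515 requires, and counts the filter's assertions to show that the unescaped payload rewrites the query:

```go
package main

import (
	"fmt"
	"strings"
)

// Hypothetical filter template standing in for the one an LDAP login
// handler would use; the real Traffic Ops template is not on the page.
const filterTemplate = "(&(objectClass=person)(uid=%s))"

// buildFilterVulnerable interpolates the username verbatim, which is the
// defect class the advisory describes: filter metacharacters in the
// username become part of the filter's structure.
func buildFilterVulnerable(username string) string {
	return fmt.Sprintf(filterTemplate, username)
}

// escapeFilterValue escapes an assertion value as RFC 4515 section 3
// requires: '*', '(', ')', '\' and NUL are replaced by a backslash
// followed by their two-digit hex code. Nothing else is touched, so
// ordinary usernames pass through unchanged.
func escapeFilterValue(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch c {
		case '*', '(', ')', '\\', 0x00:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// buildFilterSafe escapes the username before it reaches the filter.
func buildFilterSafe(username string) string {
	return fmt.Sprintf(filterTemplate, escapeFilterValue(username))
}

// assertionCount counts the assertions inside the outer AND by counting
// opening parentheses and discarding the one that belongs to "(&".
// The template always yields 2; a higher number means the username
// added structure to the filter instead of being matched as a value.
func assertionCount(filter string) int {
	return strings.Count(filter, "(") - 1
}

func main() {
	// Constructed payload: closes the uid assertion and appends an
	// assertion every entry satisfies, so the AND matches every person
	// rather than the single account being looked up.
	payload := "*)(objectClass=*"
	for _, name := range []string{"alice", payload} {
		v, s := buildFilterVulnerable(name), buildFilterSafe(name)
		fmt.Printf("input %q\n  vulnerable: %s (assertions: %d)\n  escaped:    %s (assertions: %d)\n",
			name, v, assertionCount(v), s, assertionCount(s))
	}
}
```

Escaping the value is the minimum fix for a filter built from user input; a DN assembled from the same username needs the different RFC 4514 escaping rules, and a username that still contains filter metacharacters after escaping is a reasonable thing to reject outright at the login handler. In a Go service using github.com/go-ldap/ldap, `ldap.EscapeFilter` performs the RFC 4515 escaping shown here.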
**Recommendations**
Upgrade to a Traffic Ops release that fixes CVE-2021-43350 as soon as one is available; the fix is to escape the username according to RFC 4515 before it is placed in the LDAP filter, so only a patched server removes the issue.
As a temporary workaround, disable LDAP authentication in Traffic Ops and rely on local database accounts until the patch is applied. Disabling the `POST /login` endpoint itself is not a workable mitigation, since it blocks every login, not just LDAP-backed ones.
Limit network reachability of the Traffic Ops API to operators and systems that need it, so that unauthenticated requests to `POST /login` cannot arrive from arbitrary sources.
Review access logs for `POST /login` requests whose username contains LDAP filter metacharacters (`*`, `(`, `)`, `\`), which legitimate usernames do not normally include, as an indicator of attempted exploitation.
This page does not record the release that contains the fix; check the Apache Traffic Control security advisory for CVE-2021-43350 and upgrade to the version it names.