mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
82 lines
3.3 KiB
JSON
82 lines
3.3 KiB
JSON
{
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"data_version": "4.0",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2019-12405",
|
|
"ASSIGNER": "security@apache.org",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Apache",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Traffic Control",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "3.0.0 and 3.0.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Improper Authentication"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[trafficcontrol-users] 20190906 CVE-2019-12405: Apache Traffic Control LDAP-based authentication vulnerability",
|
|
"url": "https://lists.apache.org/thread.html/e128e9d382f3b0d074e2b597ac58e1d92139394509d81ddbc9e3700e@%3Cusers.trafficcontrol.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://support.f5.com/csp/article/K84141859",
|
|
"url": "https://support.f5.com/csp/article/K84141859"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://support.f5.com/csp/article/K84141859?utm_source=f5support&utm_medium=RSS",
|
|
"url": "https://support.f5.com/csp/article/K84141859?utm_source=f5support&utm_medium=RSS"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[trafficcontrol-commits] 20210616 [trafficcontrol-website] branch asf-site updated: Fix CVE-2020-17522 link",
|
|
"url": "https://lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8@%3Ccommits.trafficcontrol.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[trafficcontrol-commits] 20211011 [trafficcontrol-website] 01/02: Add CVE-2021-42009",
|
|
"url": "https://lists.apache.org/thread.html/rc8bfd7d4f71d61e9193efcd4699eccbab3c202ec1d75ed9d502f08bf@%3Ccommits.trafficcontrol.apache.org%3E"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password."
|
|
}
|
|
]
|
|
}
|
|
} |