CVE-2019-12405 is a vulnerability in Apache Traffic Control
Published on September 9, 2019

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password.

NVD

Products Associated with CVE-2019-12405

Want to know whenever a new CVE is published for Apache Traffic Control? stack.watch will email you.

Apache Traffic Control

Affected Versions

Apache Traffic Control Version 3.0.0 and 3.0.1 is affected by CVE-2019-12405

Exploit Probability

EPSS

1.17%

Percentile

78.50%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-12405 is a vulnerability in Apache Traffic ControlPublished on September 9, 2019

Products Associated with CVE-2019-12405

Affected Versions

Exploit Probability

CVE-2019-12405 is a vulnerability in Apache Traffic Control
Published on September 9, 2019