CVE-2005-2963

Sažetak

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789
http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200
http://secunia.com/advisories/17060/
http://secunia.com/advisories/17067
http://secunia.com/advisories/17348
http://www.debian.org/security/2005/dsa-844
http://www.osvdb.org/19863
http://www.securityfocus.com/bid/15224
https://exchange.xforce.ibmcloud.com/vulnerabilities/22520

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:33

Objavljeno

13-10-2005 - 21:02