CVE-2010-1151

Sažetak

Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html
http://secunia.com/advisories/39823
http://www.mandriva.com/security/advisories?name=MDVSA-2010:081
http://www.securityfocus.com/bid/39538
http://www.vupen.com/english/advisories/2010/0908
http://www.vupen.com/english/advisories/2010/1148
https://bugzilla.redhat.com/show_bug.cgi?id=578168

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

27-05-2010 - 05:49

Objavljeno

20-04-2010 - 16:30