PT-2005-3806 · Apache · Mod Auth Shadow

David Herselman

Publicado

2005-10-13

Atualizado

2017-07-11

CVE-2005-2963

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions mod auth shadow module versions 1.0 through 1.5 and version 2.0

Description The issue allows remote authenticated users to bypass security restrictions due to the mod auth shadow module using shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified.

Recommendations For mod auth shadow module versions 1.0 through 1.5 and version 2.0, consider disabling the AuthShadow feature until a patch is available to prevent the bypassing of security restrictions.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-2963

DSA-844-1

Produtos afetados

Mod Auth Shadow

PT-2005-3806 · Apache · Mod Auth Shadow

CVE-2005-2963

Identificadores relacionados

Produtos afetados

Referências · 10