PT-2001-2495 · Apache · Mod Auth Pgsql Sys+1

Published

2001-08-29

Updated

2017-07-11

CVE-2001-1379

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions mod auth pgsql version 0.9.5 mod auth pgsql sys version 0.9.4

Description The issue allows remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name. This can lead to unauthorized access and potential data manipulation.

Recommendations For mod auth pgsql version 0.9.5, update to a version that fixes the SQL injection issue. For mod auth pgsql sys version 0.9.4, update to a version that fixes the SQL injection issue. As a temporary workaround, consider restricting access to the authentication module to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1379

Affected Products

Mod Auth Pgsql

Mod Auth Pgsql Sys

PT-2001-2495 · Apache · Mod Auth Pgsql Sys+1

CVE-2001-1379

Related Identifiers

Affected Products

References · 10