PT-2005-3806 · Apache · Mod Auth Shadow

David Herselman

Published

2005-10-13

Updated

2017-07-11

CVE-2005-2963

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions mod auth shadow module versions 1.0 through 1.5 and version 2.0

Description The issue allows remote authenticated users to bypass security restrictions due to the mod auth shadow module using shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified.

Recommendations For mod auth shadow module versions 1.0 through 1.5 and version 2.0, consider disabling the AuthShadow feature until a patch is available to prevent the bypassing of security restrictions.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2963

DSA-844-1

Affected Products

Mod Auth Shadow

PT-2005-3806 · Apache · Mod Auth Shadow

CVE-2005-2963

Related Identifiers

Affected Products

References · 10