PT-2009-1194 · Apache+1 · Mod-Auth-Mysql+2
Martin Joey Schulze · Published 2009-01-22 · Updated 2018-10-30 · CVE-2008-2384
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Apache HTTP Server 2.x with mod-auth-mysql module
Description
A SQL injection issue exists in the mod-auth-mysql module for the Apache HTTP Server, specifically in the mod_auth_mysql.c file. This occurs when the module is configured to use a multibyte character set that permits a backslash as part of the character encoding. As a result, remote attackers can execute arbitrary SQL commands by providing specially crafted inputs in a login request.
Recommendations
For Apache HTTP Server 2.x with the mod-auth-mysql module, consider disabling the use of multibyte character sets that allow backslashes until a patch is available. Restrict access to the mod-auth-mysql module to minimize the risk of exploitation. Avoid using the backslash character in login requests to the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
SQL injection
Affected Products
Apache Http Server
Red Hat
Mod-Auth-Mysql