Published: 13/10/2005 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The mod_auth_shadow module 1.0 up to and including 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mod auth shadow mod auth shadow 1.3
mod auth shadow mod auth shadow 1.4
mod auth shadow mod auth shadow 1.1
mod auth shadow mod auth shadow 1.2
mod auth shadow mod auth shadow 1.5
mod auth shadow mod auth shadow 2.0
mod auth shadow mod auth shadow 1.0

A vulnerability in mod_auth_shadow, an Apache module that lets users perform HTTP authentication against /etc/shadow, has been discovered The module runs for all locations that use the 'require group' directive which would bypass access restrictions controlled by another authorisation mechanism, such as AuthGroupFile file, if the username is liste ...

NVD-CWE-Other http://www.debian.org/security/2005/dsa-844 http://secunia.com/advisories/17060/http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789 http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200 http://www.securityfocus.com/bid/15224 http://secunia.com/advisories/17067 http://secunia.com/advisories/17348 http://www.osvdb.org/19863 https://exchange.xforce.ibmcloud.com/vulnerabilities/22520 https://nvd.nist.gov https://www.debian.org/security/./dsa-844

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-2963

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect