Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2963

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-2963
Last Modified 05 Sep 2008 04:53:06
Published 13 Oct 2005 05:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2963

Summary

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

Vulnerable Systems

Application

  • Mod Auth Shadow 1.0

  • Mod Auth Shadow 1.1

  • Mod Auth Shadow 1.2

  • Mod Auth Shadow 1.3

  • Mod Auth Shadow 1.4

  • Mod Auth Shadow 1.5

  • Mod Auth Shadow 2.0


References

XF - modauthshadow-require-group-bypass-security(22520)

DEBIAN - DSA-844

SECUNIA - 17060

BID - 15224

OSVDB - 19863

SECUNIA - 17348

SECUNIA - 17067

MANDRIVA - MDKSA-2005:200

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789


Last Updated: 27 May 2016 10:40:42