Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2384

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2384
Last Modified 07 Mar 2011 10:09:06
Published 22 Jan 2009 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2384

Summary

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.

Vulnerable Systems

Application

  • Joey Schulze Mod Auth Mysql


References

CONFIRM - http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=480238

XF - modauthmysql-multibyte-sql-injection(48163)

VUPEN - ADV-2011-0367

VUPEN - ADV-2009-0226

BID - 33392

REDHAT - RHSA-2010:1002

REDHAT - RHSA-2009:0259

SECUNIA - 43302

SECUNIA - 33627

MLIST - [oss-security] 20090121 mod-auth-mysql: SQL injection

FEDORA - FEDORA-2011-0114

FEDORA - FEDORA-2011-0100

Related Patches

Red Hat 2009:0259-06 RHSA Moderate: mod_auth_mysql security update for RHEL 5 x86


Last Updated: 27 May 2016 10:47:50