Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2688

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-2688
Last Modified 11 Aug 2011 10:45:18
Published 28 Jul 2011 02:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2688

Summary

SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.

Vulnerable Systems

Application

  • Jan Wolter Mod Authnz External 1.0.1

  • Jan Wolter Mod Authnz External 1.0.2

  • Jan Wolter Mod Authnz External 3.1.2

  • Jan Wolter Mod Authnz External 3.2.3

  • Jan Wolter Mod Authnz External 3.2.4

  • Jan Wolter Mod Authnz External 3.2.5


References

MLIST - [oss-security] 20110712 Re: CVE id request: apache mod-auth-external

MLIST - [oss-security] 20110712 CVE id request: apache mod-auth-external

CONFIRM - http://code.google.com/p/mod-auth-external/issues/detail?id=5

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637

MISC - http://anders.fix.no/software/#unix

XF - modauthexternal-mysqlauth-sql-injection(68799)

BID - 48653

DEBIAN - DSA-2279

SECUNIA - 45240


Last Updated: 27 May 2016 10:57:05