CVE-2005-2963

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.1:*:*:*:*:*:*:*
cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.2:*:*:*:*:*:*:*
cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.3:*:*:*:*:*:*:*
cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.4:*:*:*:*:*:*:*
cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:00

Type Values Removed Values Added
References () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789 - () http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789 -
References () http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200 - () http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200 -
References () http://secunia.com/advisories/17060/ - Patch, Vendor Advisory () http://secunia.com/advisories/17060/ - Patch, Vendor Advisory
References () http://secunia.com/advisories/17067 - () http://secunia.com/advisories/17067 -
References () http://secunia.com/advisories/17348 - () http://secunia.com/advisories/17348 -
References () http://www.debian.org/security/2005/dsa-844 - Patch, Vendor Advisory () http://www.debian.org/security/2005/dsa-844 - Patch, Vendor Advisory
References () http://www.osvdb.org/19863 - () http://www.osvdb.org/19863 -
References () http://www.securityfocus.com/bid/15224 - () http://www.securityfocus.com/bid/15224 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/22520 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/22520 -

Information

Published : 2005-10-13 21:02

Updated : 2024-11-21 00:00


NVD link : CVE-2005-2963

Mitre link : CVE-2005-2963

CVE.ORG link : CVE-2005-2963


JSON object : View

Products Affected

mod_auth_shadow

  • mod_auth_shadow