CVE-2005-2963
Published Oct 13, 2005
Last updated 7 years ago
Overview
- Description
- The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
- Source
- security@debian.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "749F9325-2253-420A-941C-BD56491E127B"
},
{
"criteria": "cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84593AE8-E873-4C4F-99F0-81037B5BEC79"
},
{
"criteria": "cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43025F27-302F-41E4-9DD3-99AFAF94B758"
},
{
"criteria": "cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D5BE018-681C-47A9-B911-2A9DAD07096B"
},
{
"criteria": "cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBEBF877-4EB6-4E4F-BF8B-A172D2BA3981"
},
{
"criteria": "cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F30540C5-133A-4B84-9F6C-576AD87CF6F3"
},
{
"criteria": "cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58AE41C1-D2C6-406B-89D0-C8B3408A0D53"
}
],
"operator": "OR"
}
]
}
]