mod_auth_any for Apache Metacharacter Remote Command Execution

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

Arbitrary code may be run on the remote host.

Description :

The remote host seems to be running mod_auth_any, an Apache Module
which allows the use of third-party authentication programs.

This module does not properly escape shell characters when a
username is supplied, and therefore an attacker may use this module
to :
- Execute arbitrary commands on the remote host
- Bypass the authentication process completely

See also :

http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/mod_auth_any/files/

Solution :

Patch mod_auth_any or disable it.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 11481 ()

Bugtraq ID: 7448

CVE ID: CVE-2003-0084