This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.
Arbitrary code may be run on the remote host.
The remote host seems to be running mod_auth_any, an Apache Module
which allows the use of third-party authentication programs.
This module does not properly escape shell characters when a
username is supplied, and therefore an attacker may use this module
- Execute arbitrary commands on the remote host
- Bypass the authentication process completely
See also :
Patch mod_auth_any or disable it.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true