Apache <= 2.0.51 Satisfy Directive Access Control Bypass

This script is Copyright (C) 2004-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by an access control bypass
vulnerability.

Description :

The remote host is running Apache web server 2.0.51. It is reported
that this version of Apache is vulnerable to an access control bypass
attack. This issue occurs when using the 'Satisfy' directive. An
attacker may gain unauthorized access to restricted resources if
access control relies on this directive.

Solution :

Upgrade to Apache web server 2.0.52 or newer.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 14803 (apache_2_0_52.nasl)

Bugtraq ID: 11239

CVE ID: CVE-2004-0811