The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.

The remote host is running a version of mod_auth_pgsql_sys which is older than 0.9.5. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The remote host is running a version of mod_auth_oracle which is older than 0.5.2. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The remote host is running a version of mod_auth_mysql which is older than 1.10. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The remote host is running a version of mod_auth_pg which is older than 1.2b3. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The remote host is running a version of mod_auth_pgsql which is older than 0.9.6. It is vulnerable to a SQL injection attack which may let anyone bypass authentication or even modify your database.

The 'mod_auth_pgsql_sys' module is prior to 0.9.6. It is, therefore, affected by a SQL injection vulnerability that allows an attacker to bypass authentication.

ID	Name	Product	Family	Severity
1494	Apache mod_auth_pgsql_sys < 0.9.5 SQL Injection	Nessus Network Monitor	Web Servers	high
1493	Apache mod_auth_oracle < 0.52 SQL Injection	Nessus Network Monitor	Web Servers	high
1492	Apache mod_auth_mysql < 1.10 SQL Injection	Nessus Network Monitor	Web Servers	high
1491	Apache mod_auth_pg < 1.2b3 SQL Injection	Nessus Network Monitor	Web Servers	high
1490	Apache mod_auth_pgsql < 0.9.6 SQL Injection	Nessus Network Monitor	Web Servers	high
10752	Apache Auth Module SQL Injection	Nessus	Web Servers	high

Detections

Analytics

CVE-2001-1379

critical

Tenable Plugins

high

high

high

high

high

high