Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.

The remote host is affected by the vulnerability described in GLSA-200409-33 (Apache: Exposure of protected directories)

    A bug in the way Apache handles the Satisfy directive, which is used to     require that certain conditions (client host, client authentication, etc)     be met before access to a certain directory is granted, could allow the     exposure of protected directories to unauthorized clients.
  Impact :

    Directories containing protected data could be exposed to all visitors to     the webserver.
  Workaround :

    There is no known workaround at this time.

- Tue Sep 21 2004 Joe Orton <jorton at redhat.com>     2.0.51-2.7

  - ap_rgetline_core fix from Rici Lake

  - Tue Sep 21 2004 Joe Orton <jorton at redhat.com>     2.0.51-2.6

  - fix 2.0.51 regression in Satisfy merging (CVE-2004-0811)

  - Thu Sep 16 2004 Joe Orton <jorton at redhat.com>     2.0.51-2.5

  - mod_ssl: prevent SIGHUP-triggers-SIGSEGV after upgrade     from 2.0.50

    - revert mod_ldap/mod_auth_ldap changes likewise

  - Wed Sep 15 2004 Joe Orton <jorton at redhat.com>     2.0.51-2.1

  - update to 2.0.51, including security fixes for :

    - core: CVE-2004-0747

    - mod_dav_fs: CVE-2004-0809

    - mod_ssl: CVE-2004-0751, CVE-2004-0748

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running Apache Web Server 2.0.51. It is reported that this version of Apache is vulnerable to an access control bypass attack. This issue occurs when using the 'Satisfy' directive. An attacker may gain unauthorized access to restricted resources if access control relies on this directive.

The remote host is running Apache web server 2.0.51. It is reported that this version of Apache is vulnerable to an access control bypass attack. This issue occurs when using the 'Satisfy' directive. An attacker may gain unauthorized access to restricted resources if access control relies on this directive.

The remote host is running a vulnerable version of Apache. It is reported that versions prior 2.0.51 are prone to a remote denial of service issue. An attacker may issue a specific sequence of DAV LOCK commands to crash the process. If Apache is configured to use threads, it may completely crash the Apache process.

The remote host is running a vulnerable version of Apache. It is reported that versions prior 2.0.51 are prone to a local buffer overflow when processing ${ENVVAR} constructs in .htaccess and httpd.conf files. An attacker with interactive access to the computer may use this flaw to execute arbitrary code in the context of the web server.

The remote host appears to be running a version of Apache 2.x that is older than 2.0.51. It is reported that these versions of Apache are prone to a denial of service issue related to mod_ssl. An attacker may force a SSL connection to be aborted and therefore cause the Apache server to enter in an infinite loop, consuming CPU resources. 

ID	Name	Product	Family	Severity
14811	GLSA-200409-33 : Apache: Exposure of protected directories	Nessus	Gentoo Local Security Checks	high
14807	Fedora Core 2 : httpd-2.0.51-2.7 (2004-313)	Nessus	Fedora Local Security Checks	high
2309	Apache < 2.0.52-dev 'Satisfy' Directive Access Control Bypass	Nessus Network Monitor	Web Servers	high
14803	Apache <= 2.0.51 Satisfy Directive Access Control Bypass	Nessus	Web Servers	high
2291	Apache < 2.0.51 mod_dav DAV LOCK Command Remote DoS	Nessus Network Monitor	Web Servers	medium
2290	Apache < 2.0.51 ${ENVVAR} Local Overflow	Nessus Network Monitor	Web Servers	medium
2254	Apache < 2.0.51 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
800586	Apache < 2.0.52-dev 'Satisfy' Directive Access Control Bypass	Log Correlation Engine	Web Servers	medium
800565	Apache < 2.0.51 mod_dav DAV LOCK Command Remote DoS	Log Correlation Engine	Web Servers	medium
800564	Apache < 2.0.51 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	medium
800562	Apache < 2.0.51 ${ENVVAR} Local Overflow	Log Correlation Engine	Web Servers	medium

Detections

Analytics

CVE-2004-0811

critical

Tenable Plugins

high

high

high

high

medium

medium

high

medium

medium

medium

medium