CVE-2005-2963

high

Description

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/22520

http://www.securityfocus.com/bid/15224

http://www.osvdb.org/19863

http://www.debian.org/security/2005/dsa-844

http://secunia.com/advisories/17348

http://secunia.com/advisories/17067

http://secunia.com/advisories/17060/

http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789

Details

Source: Mitre, NVD

Published: 2005-10-13

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High