mod_auth_any for Apache Metacharacter Remote Command Execution
High Nessus Plugin ID 11481
SynopsisArbitrary code may be run on the remote host.
DescriptionThe remote host seems to be running mod_auth_any, an Apache Module which allows the use of third-party authentication programs.
This module does not properly escape shell characters when a username is supplied, and therefore an attacker may use this module to :
- Execute arbitrary commands on the remote host
- Bypass the authentication process completely
SolutionPatch mod_auth_any or disable it.