CVE-2010-1151

Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:081
https://bugzilla.redhat.com/show_bug.cgi?id=578168	Patch
http://www.vupen.com/english/advisories/2010/0908
http://www.securityfocus.com/bid/39538
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html
http://www.vupen.com/english/advisories/2010/1148
http://secunia.com/advisories/39823

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:apache_http_server:*:*:*:*:*:*:*:*

Information

Published : 2010-04-20 09:30

Updated : 2010-05-26 22:49

NVD link : CVE-2010-1151

Mitre link : CVE-2010-1151

JSON object : View

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Advertisement

Products Affected

apache

apache_http_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:081", "name": "MDVSA-2010:081", "tags": [], "refsource": "MANDRIVA"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578168", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=578168", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2010/0908", "name": "ADV-2010-0908", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.securityfocus.com/bid/39538", "name": "39538", "tags": [], "refsource": "BID"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html", "name": "FEDORA-2010-6323", "tags": [], "refsource": "FEDORA"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html", "name": "FEDORA-2010-6359", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.vupen.com/english/advisories/2010/1148", "name": "ADV-2010-1148", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/39823", "name": "39823", "tags": [], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-362"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-1151", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-04-20T16:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:apache_http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-05-27T05:49Z"}