Gentoo Foundation GLSA-200409-33
Sep 24, 2004 - 12:00 a.m.

Apache: Exposure of protected directories

2004-09-24 00:00:00
Gentoo Foundation
security.gentoo.org

CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.003
Percentile: 65.3%

Background

The Apache HTTP server is one of the most popular web servers on the Internet.

Description

A bug in the way Apache handles the Satisfy directive could allow the exposure of protected directories to unauthorized clients. The directive is used to require that certain conditions (client host, client authentication, etc.) be met before access to a certain directory is granted.

Impact

Directories containing protected data could be exposed to all visitors to the webserver.
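
To see which protected directories depend on the Satisfy directive, and so need review on a host that has not yet been upgraded, the configuration can be scanned for it. This is an added example, not part of the advisory or of Apache's tooling; the function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = '''\
# global settings
<Directory "/var/www/localhost/htdocs">
    Allow from all
</Directory>
<Directory "/var/www/localhost/htdocs/private">
    AuthType Basic
    Require valid-user
    Deny from all
    Allow from 192.0.2.0/24
    Satisfy Any
    <Files "report.html">
        satisfy all
    </Files>
</Directory>
# Satisfy Any   (commented out, ignored)
'''

OPEN = re.compile(r'^<\s*([A-Za-z]+)\s*(.*?)\s*>$')   # <Directory "/path">
CLOSE = re.compile(r'^</\s*[A-Za-z]+\s*>$')            # </Directory>
SATISFY = re.compile(r'^satisfy\s+(\S+)', re.IGNORECASE)

def find_satisfy_sections(conf_text):
    """Return (line_no, enclosing_scope, value) for each active Satisfy directive."""
    stack, hits = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue                      # skip blanks and comments
        if CLOSE.match(line):
            del stack[-1:]                # leave the innermost container, if any
            continue
        m = OPEN.match(line)
        if m:
            stack.append(f'{m.group(1)} {m.group(2)}'.strip())
            continue
        m = SATISFY.match(line)
        if m:
            scope = ' > '.join(stack) or '(server config)'
            hits.append((line_no, scope, m.group(1).lower()))
    return hits

if __name__ == '__main__':
    for line_no, scope, value in find_satisfy_sections(SAMPLE_CONF):
        print(f'line {line_no}: Satisfy {value} in {scope}')
```

The scan reads a single file's text; files pulled in through Include directives and .htaccess files have to be passed to it separately.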

Workaround

There is no known workaround at this time.

Resolution

All Apache users should upgrade to the latest version:

 # emerge sync

 # emerge -pv ">=www-servers/apache-2.0.51-r1"
 # emerge ">=www-servers/apache-2.0.51-r1"

OS      Version  Architecture  Package             Version   Filename
Gentoo  any      all           www-servers/apache  = 2.0.51  UNKNOWN