Authentication flaw

2007-07-0519:30:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

MySQLDumper 1.21b through 1.23 REV227 uses a “Limit GET” statement in the .htaccess authentication mechanism, which allows remote attackers to bypass authentication requirements via HTTP POST requests.

CPENameOperatorVersion
mysqldumpereq1.22
mysqldumpereqtypo3extension0.0.5
mysqldumpereq1.21
mysqldumpereq1.23

Name	Operator	Version
mysqldumper	eq	1.22
mysqldumper	eq	typo3extension0.0.5
mysqldumper	eq	1.21
mysqldumper	eq	1.23

References

archives.neohapsis.com/archives/bugtraq/2007-08/0052.html

osvdb.org/42460

securityreason.com/securityalert/2859

www.securityfocus.com/archive/1/472756/100/0/threaded

www.securityfocus.com/bid/24759

exchange.xforce.ibmcloud.com/vulnerabilities/35291