Lucene search

PRIOn knowledge basePRION:CVE-2011-2688

HistoryJul 28, 2011 - 6:55 p.m.

Sql injection

2011-07-2818:55:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.6%

JSON

SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.

CPENameOperatorVersion
debian_linuxeq5.0
debian_linuxeq7.0
debian_linuxeq6.0
mod_authnz_externalle3.2.5

Name	Operator	Version
debian_linux	eq	5.0
debian_linux	eq	7.0
debian_linux	eq	6.0
mod_authnz_external	le	3.2.5

References

anders.fix.no/software/

bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637

secunia.com/advisories/45240

www.debian.org/security/2011/dsa-2279

www.openwall.com/lists/oss-security/2011/07/12/10

www.openwall.com/lists/oss-security/2011/07/12/17

www.securityfocus.com/bid/48653

code.google.com/p/mod-auth-external/issues/detail?id=5

exchange.xforce.ibmcloud.com/vulnerabilities/68799

8.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.6%

JSON

Related for PRION:CVE-2011-2688