Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2010:1002
HistoryDec 21, 2010 - 12:00 a.m.

(RHSA-2010:1002) Moderate: mod_auth_mysql security update

2010-12-2100:00:00
access.redhat.com
15

0.004 Low

EPSS

Percentile

74.9%

JSON

The mod_auth_mysql package includes an extension module for the Apache HTTP
Server, which can be used to implement web user authentication against a
MySQL database.

A flaw was found in the way mod_auth_mysql escaped certain
multibyte-encoded strings. If mod_auth_mysql was configured to use a
multibyte character set that allowed a backslash ("") as part of the
character encodings, a remote attacker could inject arbitrary SQL commands
into a login request. (CVE-2008-2384)

Note: This flaw only affected non-default installations where
AuthMySQLCharacterSet is configured to use one of the affected multibyte
character sets. Installations that did not use the AuthMySQLCharacterSet
configuration option were not vulnerable to this flaw.

All mod_auth_mysql users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue. After installing
the updated package, the httpd daemon must be restarted for the update to
take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6ppc64mod_auth_mysql-debuginfo<ย 3.0.0-11.el6_0.1mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.ppc64.rpm
RedHat6i686mod_auth_mysql<ย 3.0.0-11.el6_0.1mod_auth_mysql-3.0.0-11.el6_0.1.i686.rpm
RedHat6i686mod_auth_mysql-debuginfo<ย 3.0.0-11.el6_0.1mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.i686.rpm
RedHat6ppc64mod_auth_mysql<ย 3.0.0-11.el6_0.1mod_auth_mysql-3.0.0-11.el6_0.1.ppc64.rpm
RedHat6s390xmod_auth_mysql-debuginfo<ย 3.0.0-11.el6_0.1mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.s390x.rpm
RedHat6s390xmod_auth_mysql<ย 3.0.0-11.el6_0.1mod_auth_mysql-3.0.0-11.el6_0.1.s390x.rpm
RedHat6x86_64mod_auth_mysql-debuginfo<ย 3.0.0-11.el6_0.1mod_auth_mysql-debuginfo-3.0.0-11.el6_0.1.x86_64.rpm
RedHat6srcmod_auth_mysql<ย 3.0.0-11.el6_0.1mod_auth_mysql-3.0.0-11.el6_0.1.src.rpm
RedHat6x86_64mod_auth_mysql<ย 3.0.0-11.el6_0.1mod_auth_mysql-3.0.0-11.el6_0.1.x86_64.rpm

Related

nessus 12
openvas 12
ubuntucve 1
oraclelinux 2
seebug 1
fedora 2
redhat 1
cvelist 1
cve 1
nvd 1
prion 1
nessus
nessus
Scientific Linux Security Update : mod_auth_mysql on SL5.x i386/x86_64
2012-08-01 00:00:00
Mandriva Linux Security Advisory : apache-mod_auth_mysql (MDVSA-2009:189-1)
2009-08-03 00:00:00
Mod_auth_mysql Multibyte Encoding SQL Injection
2011-02-22 00:00:00
openvas
openvas
Fedora Update for mod_auth_mysql FEDORA-2011-0100
2011-02-11 00:00:00
RedHat Security Advisory RHSA-2009:0259
2009-02-13 00:00:00
Oracle: Security Advisory (ELSA-2010-1002)
2015-10-06 00:00:00
ubuntucve
ubuntucve
CVE-2008-2384
2009-01-22 00:00:00
oraclelinux
oraclelinux
mod_auth_mysql security update
2009-02-11 00:00:00
mod_auth_mysql security update
2011-02-10 00:00:00
seebug
seebug
mod_auth_mysql่ฝฏไปถๅŒ…ๅคšๅญ—่Š‚ๅญ—็ฌฆ็ผ–็ SQLๆณจๅ…ฅๆผๆดž
2009-02-13 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: mod_auth_mysql-3.0.0-12.fc14
2011-02-10 21:25:12
[SECURITY] Fedora 13 Update: mod_auth_mysql-3.0.0-12.fc13
2011-02-10 21:27:34
redhat
redhat
(RHSA-2009:0259) Moderate: mod_auth_mysql security update
2009-02-11 00:00:00
cvelist
cvelist
CVE-2008-2384
2009-01-22 18:00:00
cve
cve
CVE-2008-2384
2009-01-22 18:30:00
nvd
nvd
CVE-2008-2384
2009-01-22 18:30:00
prion
prion
Sql injection
2009-01-22 18:30:00

0.004 Low

EPSS

Percentile

74.9%

JSON
Related for RHSA-2010:1002
nessus12openvas12ubuntucve1oraclelinux2seebug1fedora2redhat1cvelist1cve1nvd1prion1