Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2008-2384
HistoryJan 22, 2009 - 12:00 a.m.

CVE-2008-2384

2009-01-2200:00:00
ubuntu.com
ubuntu.com
8

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.9%

JSON

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka
libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when
configured to use a multibyte character set that allows a \ (backslash) as
part of the character encoding, allows remote attackers to execute
arbitrary SQL commands via unspecified inputs in a login request.

Notes

Author Note
mdeslaur Specifying an encoding was introduced by the 012-charset.dpatch patch in 4.3.9-10. Since we donโ€™t support specifying an encoding mysql wonโ€™t decode the username and injection is not possible.

Related

nessus 12
openvas 12
oraclelinux 2
seebug 1
fedora 2
redhat 2
cvelist 1
cve 1
nvd 1
prion 1
nessus
nessus
Scientific Linux Security Update : mod_auth_mysql on SL5.x i386/x86_64
2012-08-01 00:00:00
Mandriva Linux Security Advisory : apache-mod_auth_mysql (MDVSA-2009:189-1)
2009-08-03 00:00:00
Mod_auth_mysql Multibyte Encoding SQL Injection
2011-02-22 00:00:00
openvas
openvas
Fedora Update for mod_auth_mysql FEDORA-2011-0100
2011-02-11 00:00:00
RedHat Security Advisory RHSA-2009:0259
2009-02-13 00:00:00
Oracle: Security Advisory (ELSA-2010-1002)
2015-10-06 00:00:00
oraclelinux
oraclelinux
mod_auth_mysql security update
2009-02-11 00:00:00
mod_auth_mysql security update
2011-02-10 00:00:00
seebug
seebug
mod_auth_mysql่ฝฏไปถๅŒ…ๅคšๅญ—่Š‚ๅญ—็ฌฆ็ผ–็ SQLๆณจๅ…ฅๆผๆดž
2009-02-13 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: mod_auth_mysql-3.0.0-12.fc14
2011-02-10 21:25:12
[SECURITY] Fedora 13 Update: mod_auth_mysql-3.0.0-12.fc13
2011-02-10 21:27:34
redhat
redhat
(RHSA-2009:0259) Moderate: mod_auth_mysql security update
2009-02-11 00:00:00
(RHSA-2010:1002) Moderate: mod_auth_mysql security update
2010-12-21 00:00:00
cvelist
cvelist
CVE-2008-2384
2009-01-22 18:00:00
cve
cve
CVE-2008-2384
2009-01-22 18:30:00
nvd
nvd
CVE-2008-2384
2009-01-22 18:30:00
prion
prion
Sql injection
2009-01-22 18:30:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.9%

JSON
Related for UB:CVE-2008-2384
nessus12openvas12oraclelinux2seebug1fedora2redhat2cvelist1cve1nvd1prion1