Authorization Bypass

2019-01-1509:20:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

JSON

httpd is vulnerable to authorization bypass attacks. The vulnerability exists as a regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the “Allow” and “Deny” configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource.

CPENameOperatorVersion
httpdeq2.2.15__29.el6_4
httpdeq2.2.15__31.el6_5
httpdeq2.2.15__9.el6_1.3
httpdeq2.2.15__59.el6
httpdeq2.2.15__15.el6_2.1
httpdeq2.2.15__55.el6_8.2
httpdeq2.2.15__28.el6_4
httpdeq2.2.15__39.el6
httpdeq2.2.15__47.el6_7.1
httpdeq2.2.15__47.el6_7.3

Name	Operator	Version
httpd	eq	2.2.15__29.el6_4
httpd	eq	2.2.15__31.el6_5
httpd	eq	2.2.15__9.el6_1.3
httpd	eq	2.2.15__59.el6
httpd	eq	2.2.15__15.el6_2.1
httpd	eq	2.2.15__55.el6_8.2
httpd	eq	2.2.15__28.el6_4
httpd	eq	2.2.15__39.el6
httpd	eq	2.2.15__47.el6_7.1
httpd	eq	2.2.15__47.el6_7.3