Lucene search

Veracode Vulnerability DatabaseVERACODE:21090

HistoryAug 08, 2019 - 12:07 a.m.

Authorization Bypass

2019-08-0800:07:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON

httpd is vulnerable to authorization bypass. The vulnerability exists as mod_auth_digest has an access control bypass issue due to race condition.

CPENameOperatorVersion
httpdeq2.4.6__89.el7.centos
httpdeq2.4.6__80.el7.centos.1
httpdeq2.4.6__80.el7.centos
httpdeq2.4.6__89.el7.centos.1
httpdeq2.4.6__88.el7.centos
jbcs-httpd24-mod_cluster-nativeeq1.3.1__10.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_cluster-nativeeq1.3.8__1.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_cluster-nativeeq1.3.1__10.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_cluster-nativeeq1.3.8__1.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_cluster-nativeeq1.3.8__3.Final_redhat_2.jbcs.el7

Name	Operator	Version
httpd	eq	2.4.6__89.el7.centos
httpd	eq	2.4.6__80.el7.centos.1
httpd	eq	2.4.6__80.el7.centos
httpd	eq	2.4.6__89.el7.centos.1
httpd	eq	2.4.6__88.el7.centos
jbcs-httpd24-mod_cluster-native	eq	1.3.1__10.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_cluster-native	eq	1.3.8__1.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_cluster-native	eq	1.3.1__10.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_cluster-native	eq	1.3.8__1.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_cluster-native	eq	1.3.8__3.Final_redhat_2.jbcs.el7

Rows per page:

1-10 of 841

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html

www.openwall.com/lists/oss-security/2019/04/02/5

www.securityfocus.com/bid/107668

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

access.redhat.com/errata/RHSA-2019:2343

access.redhat.com/errata/RHSA-2019:3436

access.redhat.com/errata/RHSA-2019:3932

access.redhat.com/errata/RHSA-2019:3933

access.redhat.com/errata/RHSA-2019:3935

access.redhat.com/errata/RHSA-2019:4126

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=1695020

httpd.apache.org/security/vulnerabilities_24.html

lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808@%3Cdev.httpd.apache.org%3E

lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9@%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E

lists.debian.org/debian-lts-announce/2019/04/msg00008.html

lists.fedoraproject.org/archives/list/[email protected]/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/

lists.fedoraproject.org/archives/list/[email protected]/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/

lists.fedoraproject.org/archives/list/[email protected]/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/

seclists.org/bugtraq/2019/Apr/5

security.netapp.com/advisory/ntap-20190423-0001/

support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us

usn.ubuntu.com/3937-1/

usn.ubuntu.com/3937-2/

www.debian.org/security/2019/dsa-4422

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON

Related for VERACODE:21090