Vulnerability Details : CVE-2005-2963
The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
Products affected by CVE-2005-2963
- cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mod_auth_shadow:mod_auth_shadow:2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2963
1.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2005-2963
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2005-2963
-
http://secunia.com/advisories/17067
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789
-
http://secunia.com/advisories/17060/
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/15224
-
http://secunia.com/advisories/17348
-
http://www.osvdb.org/19863
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/22520
-
http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200
-
http://www.debian.org/security/2005/dsa-844
Patch;Vendor Advisory
Jump to