| VID | 22017 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
There is a vulnerable version of the authentication module installed on the Apache Web Server. This module is vulnerable to a SQL insertion attack that could allow an attacker to execute arbitrary SQL statements.
o 'mod_auth_mysql' is an authentication module required by the Apache server to make use of database-based authentication using MySQL.
o 'mod_auth_oracle' is an authentication module required by the Apache server to make use of database-based authentication using Oracle.
o 'mod_auth_pgsql_sys', 'mod_auth_pgsql', 'mod_auth_pg', and 'AuthPG' are authentication modules required by the Apache server to make use of database-based authentication using PostgreSQL.
These authentication modules for Apache are prone to a vulnerability that allows SQL queries to be manipulated via an HTTP request. Data that is included in SQL query strings is not adequately sanitized, so it may be possible for malicious users to modify the structure of SQL queries. |
| Recommendation | Upgrade to the latest version of this module from: http://cert.uni-stuttgart.de/advisories/apache_auth.php |
| Related URL | CVE-2001-1379 (CVE) |
| Related URL | 3251,3253,3256 (SecurityFocus) |
| Related URL | 7059 (ISS) |