CVE-2005-2963

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

Published: Oct 13, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2963
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mod_auth_shadow / mod_auth_shadow	1.5	1.5.x
mod_auth_shadow / mod_auth_shadow	2.0	2.0.x
mod_auth_shadow / mod_auth_shadow	1.1	1.1.x
mod_auth_shadow / mod_auth_shadow	1.3	1.3.x
mod_auth_shadow / mod_auth_shadow	1.0	1.0.x
mod_auth_shadow / mod_auth_shadow	1.2	1.2.x
mod_auth_shadow / mod_auth_shadow	1.4	1.4.x

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789
http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200
http://secunia.com/advisories/17060/
http://secunia.com/advisories/17067
http://secunia.com/advisories/17348
http://www.debian.org/security/2005/dsa-844
http://www.osvdb.org/19863
http://www.securityfocus.com/bid/15224
https://exchange.xforce.ibmcloud.com/vulnerabilities/22520

Vulnerability Database

290,020

CVE-2005-2963