Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-8109

Опубликовано: 29 дек. 2014
Источник: nvd
CVSS2: 4.3
EPSS Средний

Описание

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:oracle:enterprise_manager_ops_center:*:*:*:*:*:*:*:*
Версия до 12.1.4 (исключая)
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 95%
0.15829
Средний

4.3 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

ubuntu логотип

CVE-2014-8109

ubuntu
около 11 лет назад

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

redhat логотип

CVE-2014-8109

redhat
около 11 лет назад

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

debian логотип

CVE-2014-8109

debian
около 11 лет назад

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2. ...

github логотип

GHSA-5m8h-wgcr-7x2w

github
больше 3 лет назад

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

suse-cvrf логотип

SUSE-SU-2015:0974-1

suse-cvrf
почти 11 лет назад

Security update for apache2

EPSS

Процентиль: 95%
0.15829
Средний

4.3 Medium

CVSS2

Дефекты

CWE-863