Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-8109

Опубликовано: 12 нояб. 2014
Источник: redhat
CVSS2: 1.9

Описание

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Directory Server 8httpdNot affected
Red Hat Enterprise Linux 5httpdNot affected
Red Hat Enterprise Linux 6httpdNot affected
Red Hat Enterprise Linux 7httpdWill not fix
Red Hat JBoss Enterprise Application Platform 5httpdNot affected
Red Hat JBoss Enterprise Application Platform 6httpdNot affected
Red Hat JBoss Enterprise Web Server 1httpdNot affected
Red Hat JBoss Enterprise Web Server 1othersNot affected
Red Hat JBoss Enterprise Web Server 2httpdNot affected
Red Hat Software Collectionshttpd24-httpdWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=1174077httpd: LuaAuthzProvider argument handling issue

1.9 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-8109

ubuntu
около 11 лет назад

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

nvd логотип

CVE-2014-8109

nvd
около 11 лет назад

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

debian логотип

CVE-2014-8109

debian
около 11 лет назад

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2. ...

github логотип

GHSA-5m8h-wgcr-7x2w

github
больше 3 лет назад

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.

suse-cvrf логотип

SUSE-SU-2015:0974-1

suse-cvrf
почти 11 лет назад

Security update for apache2

1.9 Low

CVSS2