Описание
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.4.27-2ubuntu2 |
| esm-infra-legacy/trusty | released | 2.4.7-1ubuntu4.16 |
| esm-infra/xenial | released | 2.4.18-2ubuntu3.3 |
| precise/esm | not-affected | 2.2.22-1ubuntu1.12 |
| trusty | released | 2.4.7-1ubuntu4.16 |
| trusty/esm | released | 2.4.7-1ubuntu4.16 |
| upstream | pending | 2.2.33, 2.4.26 |
| vivid/ubuntu-core | DNE | |
| xenial | released | 2.4.18-2ubuntu3.3 |
| yakkety | released | 2.4.18-2ubuntu4.2 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of th ...
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Уязвимость функции ap_get_basic_auth_pw() веб-сервера Apache HTTP Server, позволяющая нарушителю обойти требования аутентификации
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3