CVE-2005-2963

NameCVE-2005-2963
DescriptionThe mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-844-1
NVD severityhigh (attack range: remote)
Debian Bugs323789

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mod-auth-shadowsource(unstable)1.4-2medium323789
mod-auth-shadowsourcesarge1.4-1sarge1highDSA-844-1
mod-auth-shadowsourcewoody1.3-3.1woody.2highDSA-844-1

Search for package or bug name: Reporting problems