Vulnerability Description
SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| David Castro | Apache Authcas | 0.4 |
Related Weaknesses (CWE)
References
- http://search.cpan.org/src/DCASTRO/Apache-AuthCAS-0.5/Changes
- http://secunia.com/advisories/29492
- http://securityreason.com/securityalert/3439
- http://www.securityfocus.com/archive/1/484711/100/0/threaded
- http://www.securityfocus.com/archive/1/489993/100/0/threaded
- http://www.securityfocus.com/bid/26762
- http://search.cpan.org/src/DCASTRO/Apache-AuthCAS-0.5/Changes
- http://secunia.com/advisories/29492
- http://securityreason.com/securityalert/3439
- http://www.securityfocus.com/archive/1/484711/100/0/threaded
- http://www.securityfocus.com/archive/1/489993/100/0/threaded
- http://www.securityfocus.com/bid/26762
FAQ
What is CVE-2007-6342?
CVE-2007-6342 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (sessio...
How severe is CVE-2007-6342?
CVE-2007-6342 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6342?
Check the references section above for vendor advisories and patch information. Affected products include: David Castro Apache Authcas.