Vulnerability Description
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Joey Schulze | Mod Auth Mysql | All versions |
| Apache | Http Server | - |
Related Weaknesses (CWE)
References
- http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.pat (Patch)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.h
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.h
- http://openwall.com/lists/oss-security/2009/01/21/10
- http://secunia.com/advisories/33627 (Vendor Advisory)
- http://secunia.com/advisories/43302
- http://www.redhat.com/support/errata/RHSA-2009-0259.html
- http://www.redhat.com/support/errata/RHSA-2010-1002.html
- http://www.securityfocus.com/bid/33392
- http://www.vupen.com/english/advisories/2009/0226
- http://www.vupen.com/english/advisories/2011/0367
- https://bugzilla.redhat.com/show_bug.cgi?id=480238
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48163
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2008-2384?
CVE-2008-2384 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allow...
How severe is CVE-2008-2384?
CVE-2008-2384 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-2384?
Check the references section above for vendor advisories and patch information. Affected products include: Joey Schulze Mod Auth Mysql, Apache Http Server.