Vulnerability Description
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache Http Server | All versions |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html
- http://secunia.com/advisories/39823
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:081
- http://www.securityfocus.com/bid/39538
- http://www.vupen.com/english/advisories/2010/0908
- http://www.vupen.com/english/advisories/2010/1148
- https://bugzilla.redhat.com/show_bug.cgi?id=578168Patch
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html
- http://secunia.com/advisories/39823
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:081
- http://www.securityfocus.com/bid/39538
- http://www.vupen.com/english/advisories/2010/0908
- http://www.vupen.com/english/advisories/2010/1148
FAQ
What is CVE-2010-1151?
CVE-2010-1151 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction...
How severe is CVE-2010-1151?
CVE-2010-1151 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1151?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Apache Http Server.