CVE-2011-2688 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2011-2688?

CVE-2011-2688 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-2688?

Check the references section above for vendor advisories and patch information. Affected products include: Mod Authnz External Project Mod Authnz External, Apache Http Server, Debian Debian Linux.

Vulnerability Description

SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Mod Authnz External Project	Mod Authnz External	<= 3.2.5
Apache	Http Server	All versions
Debian	Debian Linux	5.0

Related Weaknesses (CWE)

CWE-89

References

http://anders.fix.no/software/#unixThird Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637Issue TrackingPatchThird Party Advisory
http://code.google.com/p/mod-auth-external/issues/detail?id=5Third Party Advisory
http://secunia.com/advisories/45240Third Party Advisory
http://www.debian.org/security/2011/dsa-2279Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/07/12/10Mailing ListPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2011/07/12/17Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/48653Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/68799Third Party AdvisoryVDB Entry
http://anders.fix.no/software/#unixThird Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633637Issue TrackingPatchThird Party Advisory
http://code.google.com/p/mod-auth-external/issues/detail?id=5Third Party Advisory
http://secunia.com/advisories/45240Third Party Advisory
http://www.debian.org/security/2011/dsa-2279Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/07/12/10Mailing ListPatchThird Party Advisory

FAQ

What is CVE-2011-2688?

CVE-2011-2688 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user...

How severe is CVE-2011-2688?

CVE-2011-2688 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-2688?

Check the references section above for vendor advisories and patch information. Affected products include: Mod Authnz External Project Mod Authnz External, Apache Http Server, Debian Debian Linux.