Upstream information

CVE-2005-2963 at MITRE

Description

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Note from the SUSE Security Team

This security issues was only present in SUSE Linux 9.0 in apache-contrib and was considered too minor to fix.

SUSE Bugzilla entry: 120578 [RESOLVED]

No SUSE Security Announcements cross referenced.