6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.7%
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html
lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html
secunia.com/advisories/39823
www.mandriva.com/security/advisories?name=MDVSA-2010:081
www.securityfocus.com/bid/39538
www.vupen.com/english/advisories/2010/0908
www.vupen.com/english/advisories/2010/1148
bugzilla.redhat.com/show_bug.cgi?id=578168