CVE-2008-2384 Detail

CVE-2008-2384

CVE Descriptions

SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.

CVE Informations

Related Weaknesses

CWE-ID	Weakness Name	Source
CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Metrics

Metrics	Score	Severity	CVSS Vector	Source
V2	7.5		AV:N/AC:L/Au:N/C:P/I:P/A:P	[email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

EPSS First.org

Products Mentioned

Configuraton 0

Joey_schulze>>Mod_auth_mysql >> Version *

Apache>>Http_server >> Version -

Apache>>Http_server >> Version - (Open CPE detail)

Apache>>Http_server >> Version 2.0

Apache>>Http_server >> Version 2.0 (Open CPE detail)
Apache>>Http_server >> Version 2.0 (Open CPE detail)

Apache>>Http_server >> Version 2.0.9

Apache>>Http_server >> Version 2.0.9 (Open CPE detail)

Apache>>Http_server >> Version 2.0.28

Apache>>Http_server >> Version 2.0.28 (Open CPE detail)
Apache>>Http_server >> Version 2.0.28 (Open CPE detail)

Apache>>Http_server >> Version 2.0.28

Apache>>Http_server >> Version 2.0.28 (Open CPE detail)

Apache>>Http_server >> Version 2.0.28

Apache>>Http_server >> Version 2.0.32

Apache>>Http_server >> Version 2.0.32 (Open CPE detail)
Apache>>Http_server >> Version 2.0.32 (Open CPE detail)

Apache>>Http_server >> Version 2.0.32

Apache>>Http_server >> Version 2.0.32 (Open CPE detail)

Apache>>Http_server >> Version 2.0.32

Apache>>Http_server >> Version 2.0.34

Apache>>Http_server >> Version 2.0.34 (Open CPE detail)

Apache>>Http_server >> Version 2.0.34

Apache>>Http_server >> Version 2.0.35

Apache>>Http_server >> Version 2.0.35 (Open CPE detail)

Apache>>Http_server >> Version 2.0.36

Apache>>Http_server >> Version 2.0.36 (Open CPE detail)

Apache>>Http_server >> Version 2.0.37

Apache>>Http_server >> Version 2.0.37 (Open CPE detail)

Apache>>Http_server >> Version 2.0.38

Apache>>Http_server >> Version 2.0.38 (Open CPE detail)

Apache>>Http_server >> Version 2.0.39

Apache>>Http_server >> Version 2.0.39 (Open CPE detail)

Apache>>Http_server >> Version 2.0.40

Apache>>Http_server >> Version 2.0.40 (Open CPE detail)

Apache>>Http_server >> Version 2.0.41

Apache>>Http_server >> Version 2.0.41 (Open CPE detail)

Apache>>Http_server >> Version 2.0.42

Apache>>Http_server >> Version 2.0.42 (Open CPE detail)

Apache>>Http_server >> Version 2.0.43

Apache>>Http_server >> Version 2.0.43 (Open CPE detail)

Apache>>Http_server >> Version 2.0.44

Apache>>Http_server >> Version 2.0.44 (Open CPE detail)

Apache>>Http_server >> Version 2.0.45

Apache>>Http_server >> Version 2.0.45 (Open CPE detail)

Apache>>Http_server >> Version 2.0.46

Apache>>Http_server >> Version 2.0.46 (Open CPE detail)

Apache>>Http_server >> Version 2.0.46

Apache>>Http_server >> Version 2.0.47

Apache>>Http_server >> Version 2.0.47 (Open CPE detail)

Apache>>Http_server >> Version 2.0.48

Apache>>Http_server >> Version 2.0.48 (Open CPE detail)

Apache>>Http_server >> Version 2.0.49

Apache>>Http_server >> Version 2.0.49 (Open CPE detail)

Apache>>Http_server >> Version 2.0.50

Apache>>Http_server >> Version 2.0.50 (Open CPE detail)

Apache>>Http_server >> Version 2.0.51

Apache>>Http_server >> Version 2.0.51 (Open CPE detail)

Apache>>Http_server >> Version 2.0.52

Apache>>Http_server >> Version 2.0.52 (Open CPE detail)

Apache>>Http_server >> Version 2.0.53

Apache>>Http_server >> Version 2.0.53 (Open CPE detail)

Apache>>Http_server >> Version 2.0.54

Apache>>Http_server >> Version 2.0.54 (Open CPE detail)

Apache>>Http_server >> Version 2.0.55

Apache>>Http_server >> Version 2.0.55 (Open CPE detail)

Apache>>Http_server >> Version 2.0.56

Apache>>Http_server >> Version 2.0.56 (Open CPE detail)

Apache>>Http_server >> Version 2.0.57

Apache>>Http_server >> Version 2.0.57 (Open CPE detail)

Apache>>Http_server >> Version 2.0.58

Apache>>Http_server >> Version 2.0.58 (Open CPE detail)

Apache>>Http_server >> Version 2.0.58

Apache>>Http_server >> Version 2.0.59

Apache>>Http_server >> Version 2.0.59 (Open CPE detail)

Apache>>Http_server >> Version 2.0.60

Apache>>Http_server >> Version 2.0.60 (Open CPE detail)

Apache>>Http_server >> Version 2.0.61

Apache>>Http_server >> Version 2.0.61 (Open CPE detail)

Apache>>Http_server >> Version 2.1

Apache>>Http_server >> Version 2.1 (Open CPE detail)

Apache>>Http_server >> Version 2.1.1

Apache>>Http_server >> Version 2.1.1 (Open CPE detail)

Apache>>Http_server >> Version 2.1.2

Apache>>Http_server >> Version 2.1.2 (Open CPE detail)

Apache>>Http_server >> Version 2.1.3

Apache>>Http_server >> Version 2.1.3 (Open CPE detail)

Apache>>Http_server >> Version 2.1.4

Apache>>Http_server >> Version 2.1.4 (Open CPE detail)

Apache>>Http_server >> Version 2.1.5

Apache>>Http_server >> Version 2.1.5 (Open CPE detail)

Apache>>Http_server >> Version 2.1.6

Apache>>Http_server >> Version 2.1.6 (Open CPE detail)

Apache>>Http_server >> Version 2.1.7

Apache>>Http_server >> Version 2.1.7 (Open CPE detail)

Apache>>Http_server >> Version 2.1.8

Apache>>Http_server >> Version 2.1.8 (Open CPE detail)

Apache>>Http_server >> Version 2.2

Apache>>Http_server >> Version 2.2 (Open CPE detail)

Apache>>Http_server >> Version 2.2.0

Apache>>Http_server >> Version 2.2.0 (Open CPE detail)

Apache>>Http_server >> Version 2.2.1

Apache>>Http_server >> Version 2.2.1 (Open CPE detail)

Apache>>Http_server >> Version 2.2.2

Apache>>Http_server >> Version 2.2.2 (Open CPE detail)

Apache>>Http_server >> Version 2.2.2

Apache>>Http_server >> Version 2.2.3

Apache>>Http_server >> Version 2.2.3 (Open CPE detail)

Apache>>Http_server >> Version 2.2.3

Apache>>Http_server >> Version 2.2.4

Apache>>Http_server >> Version 2.2.4 (Open CPE detail)

Apache>>Http_server >> Version 2.2.6

Apache>>Http_server >> Version 2.2.6 (Open CPE detail)

Apache>>Http_server >> Version 2.3.0

Apache>>Http_server >> Version 2.3.0 (Open CPE detail)

References

http://openwall.com/lists/oss-security/2009/01/21/10
Tags : mailing-list, x_refsource_MLIST

http://www.redhat.com/support/errata/RHSA-2009-0259.html
Tags : vendor-advisory, x_refsource_REDHAT

https://exchange.xforce.ibmcloud.com/vulnerabilities/48163
Tags : vdb-entry, x_refsource_XF

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.html
Tags : vendor-advisory, x_refsource_FEDORA

http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch
Tags : x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2011/0367
Tags : vdb-entry, x_refsource_VUPEN

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.html
Tags : vendor-advisory, x_refsource_FEDORA

https://bugzilla.redhat.com/show_bug.cgi?id=480238
Tags : x_refsource_CONFIRM

http://secunia.com/advisories/33627
Tags : third-party-advisory, x_refsource_SECUNIA

http://secunia.com/advisories/43302
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.redhat.com/support/errata/RHSA-2010-1002.html
Tags : vendor-advisory, x_refsource_REDHAT

http://www.vupen.com/english/advisories/2009/0226
Tags : vdb-entry, x_refsource_VUPEN

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10172
Tags : vdb-entry, signature, x_refsource_OVAL

http://www.securityfocus.com/bid/33392
Tags : vdb-entry, x_refsource_BID

CVE-2008-2384 : Detail

CVE-2008-2384

CVE Descriptions

CVE Informations

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

References