CVE-2008-2384: SQL Injection
First published: Thu Jan 15 2009(Updated: )
Martin Joey Schulze discovered a flaw in the way mod_auth_mysql handles certain multibyte character encodings. If mod_auth_mysql is configured to use use a multibyte character set that allows the backslash '\' character as part of the character encodings, it is possible to inject arbitrary SQL commands to the MySQL database server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joey Schulze Mod Auth Mysql | ||
| Apache HTTP Server | ||
| Apache HTTP Server | =2.0 | |
| Apache HTTP Server | =2.0.9 | |
| Apache HTTP Server | =2.0.28 | |
| Apache HTTP Server | =2.0.28-beta | |
| Apache HTTP Server | =2.0.28-beta | |
| Apache HTTP Server | =2.0.32 | |
| Apache HTTP Server | =2.0.32-beta | |
| Apache HTTP Server | =2.0.32-beta | |
| Apache HTTP Server | =2.0.34-beta | |
| Apache HTTP Server | =2.0.34-beta | |
| Apache HTTP Server | =2.0.35 | |
| Apache HTTP Server | =2.0.36 | |
| Apache HTTP Server | =2.0.37 | |
| Apache HTTP Server | =2.0.38 | |
| Apache HTTP Server | =2.0.39 | |
| Apache HTTP Server | =2.0.40 | |
| Apache HTTP Server | =2.0.41 | |
| Apache HTTP Server | =2.0.42 | |
| Apache HTTP Server | =2.0.43 | |
| Apache HTTP Server | =2.0.44 | |
| Apache HTTP Server | =2.0.45 | |
| Apache HTTP Server | =2.0.46 | |
| Apache HTTP Server | =2.0.46 | |
| Apache HTTP Server | =2.0.47 | |
| Apache HTTP Server | =2.0.48 | |
| Apache HTTP Server | =2.0.49 | |
| Apache HTTP Server | =2.0.50 | |
| Apache HTTP Server | =2.0.51 | |
| Apache HTTP Server | =2.0.52 | |
| Apache HTTP Server | =2.0.53 | |
| Apache HTTP Server | =2.0.54 | |
| Apache HTTP Server | =2.0.55 | |
| Apache HTTP Server | =2.0.56 | |
| Apache HTTP Server | =2.0.57 | |
| Apache HTTP Server | =2.0.58 | |
| Apache HTTP Server | =2.0.58 | |
| Apache HTTP Server | =2.0.59 | |
| Apache HTTP Server | =2.0.60 | |
| Apache HTTP Server | =2.0.61 | |
| Apache HTTP Server | =2.1 | |
| Apache HTTP Server | =2.1.1 | |
| Apache HTTP Server | =2.1.2 | |
| Apache HTTP Server | =2.1.3 | |
| Apache HTTP Server | =2.1.4 | |
| Apache HTTP Server | =2.1.5 | |
| Apache HTTP Server | =2.1.6 | |
| Apache HTTP Server | =2.1.7 | |
| Apache HTTP Server | =2.1.8 | |
| Apache HTTP Server | =2.2 | |
| Apache HTTP Server | =2.2.0 | |
| Apache HTTP Server | =2.2.1 | |
| Apache HTTP Server | =2.2.2 | |
| Apache HTTP Server | =2.2.2 | |
| Apache HTTP Server | =2.2.3 | |
| Apache HTTP Server | =2.2.3 | |
| Apache HTTP Server | =2.2.4 | |
| Apache HTTP Server | =2.2.6 | |
| Apache HTTP Server | =2.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/33392
- http://openwall.com/lists/oss-security/2009/01/21/10
- http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch
- http://secunia.com/advisories/33627
- http://www.redhat.com/support/errata/RHSA-2009-0259.html
- https://bugzilla.redhat.com/show_bug.cgi?id=480238
- http://www.redhat.com/support/errata/RHSA-2010-1002.html
- http://www.vupen.com/english/advisories/2011/0367
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.html
- http://secunia.com/advisories/43302
- http://www.vupen.com/english/advisories/2009/0226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48163
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10172
- http://www.openwall.com/lists/oss-security/2009/01/21/10
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=663414
- https://rhn.redhat.com/errata/RHSA-2010-1002.html
- collector/nvd-historical
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2008-2384
- agent/event
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/joey schulze
- canonical/joey schulze mod auth mysql
- vendor/apache
- canonical/apache http server
- version/apache http server/2.0
- version/apache http server/2.0.9
- version/apache http server/2.0.28
- version/apache http server/2.0.28-beta
- version/apache http server/2.0.32
- version/apache http server/2.0.32-beta
- version/apache http server/2.0.34-beta
- version/apache http server/2.0.35
- version/apache http server/2.0.36
- version/apache http server/2.0.37
- version/apache http server/2.0.38
- version/apache http server/2.0.39
- version/apache http server/2.0.40
- version/apache http server/2.0.41
- version/apache http server/2.0.42
- version/apache http server/2.0.43
- version/apache http server/2.0.44
- version/apache http server/2.0.45
- version/apache http server/2.0.46
- version/apache http server/2.0.47
- version/apache http server/2.0.48
- version/apache http server/2.0.49
- version/apache http server/2.0.50
- version/apache http server/2.0.51
- version/apache http server/2.0.52
- version/apache http server/2.0.53
- version/apache http server/2.0.54
- version/apache http server/2.0.55
- version/apache http server/2.0.56
- version/apache http server/2.0.57
- version/apache http server/2.0.58
- version/apache http server/2.0.59
- version/apache http server/2.0.60
- version/apache http server/2.0.61
- version/apache http server/2.1
- version/apache http server/2.1.1
- version/apache http server/2.1.2
- version/apache http server/2.1.3
- version/apache http server/2.1.4
- version/apache http server/2.1.5
- version/apache http server/2.1.6
- version/apache http server/2.1.7
- version/apache http server/2.1.8
- version/apache http server/2.2
- version/apache http server/2.2.0
- version/apache http server/2.2.1
- version/apache http server/2.2.2
- version/apache http server/2.2.3
- version/apache http server/2.2.4
- version/apache http server/2.2.6
- version/apache http server/2.3.0