CVE-2010-1151: Race Condition
First published: Tue Mar 30 2010(Updated: )
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Apache Http Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:081
- https://bugzilla.redhat.com/show_bug.cgi?id=578168
- http://www.vupen.com/english/advisories/2010/0908
- http://www.securityfocus.com/bid/39538
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html
- http://www.vupen.com/english/advisories/2010/1148
- http://secunia.com/advisories/39823
- https://access.redhat.com/security/cve/CVE-2010-1151
- http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-8.fc13
- http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-8.fc12
- http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-8.fc11
- http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-4.el4
- http://admin.fedoraproject.org/updates/mod_auth_shadow-2.2-5.el5
- https://www.cve.org/CVERecord?id=CVE-2010-1151 https://nvd.nist.gov/vuln/detail/CVE-2010-1151
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1151.json
- collector/nvd-historical
- collector/nvd-index
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-1151
- collector/redhat-cve
- agent/type
- agent/severity
- agent/references
- agent/remedy
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/apache
- canonical/apache apache http server