CVE-2010-1151
Apache HTTP Server - Authentication Bypass via mod_auth_shadow Race Condition
Title source: llmDescription
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
References (8)
Core 8
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0908
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39538
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:081
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39823
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=578168
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1148
Scores
EPSS
0.0377
EPSS Percentile
88.5%
Details
CWE
CWE-362
Status
published
Products (1)
apache/apache_http_server
Published
Apr 20, 2010
Tracked Since
Feb 18, 2026