CVE-2005-2963 Information

Description

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive even when other authentication mechanisms are specified which might allow remote authenticated users to bypass security restrictions.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323789 http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:200 http://secunia.com/advisories/17060/ http://secunia.com/advisories/17067 http://secunia.com/advisories/17348 http://www.debian.org/security/2005/dsa-844 http://www.osvdb.org/19863 http://www.securityfocus.com/bid/15224 https://exchange.xforce.ibmcloud.com/vulnerabilities/22520