SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Compaq Secure Web Server Vendors:   HPE
(HP Issues Fix for CSWS) Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
SecurityTracker Alert ID:  1011993
SecurityTracker URL:  http://securitytracker.com/id/1011993
CVE Reference:   CVE-2004-0811   (Links to External Site)
Date:  Oct 29 2004
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6.3.2a
Description:   A vulnerability was reported in Apache httpd version 2.0.51. A remote user may be able to gain access to restricted resources. HP's Secure Web Server is affected.

It is reported that there is a flaw in the merging of the Satisfy directive. A remote user may be granted access to a resource without having to authenticate when the resource is otherwise configured to require authentication.

Only version 2.0.51 is affected.

Impact:   A remote user may be able to access restricted resources.
Solution:   HP has provided a patched version of the Secure Web Server (6.3.2a) for Tru64 UNIX, available at:

http://h30097.www3.hp.com/internet/download.htm

HP plans to include the fix in the future mainstream version 6.4 of HP Internet Express for Tru64UNIX (IX).

Vendor URL:  www.hp.com/ (Links to External Site)
Cause:   Authentication error
Underlying OS:  UNIX (Tru64)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 22 2004 Apache Satsify Directive Error May Let Remote Users Access Restricted Resources



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC