ID CVE-2001-1379
Summary The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
References
Vulnerable Configurations
  • cpe:2.3:a:guiseppe_tanzilli_and_matthias_eckermann:mod_auth_pgsql:0.9.5
    cpe:2.3:a:guiseppe_tanzilli_and_matthias_eckermann:mod_auth_pgsql:0.9.5
  • cpe:2.3:a:guiseppe_tanzilli_and_matthias_eckermann:mod_auth_pgsql:0.9.6
    cpe:2.3:a:guiseppe_tanzilli_and_matthias_eckermann:mod_auth_pgsql:0.9.6
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Web Servers
NASL id APACHE_AUTH_SQL_INSERTION.NASL
description The 'mod_auth_pgsql_sys' module is prior to 0.9.6. It is, therefore, affected by a SQL injection vulnerability that allows an attacker to bypass authentication.
last seen 2019-02-21
modified 2018-08-22
plugin id 10752
published 2001-09-07
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10752
title Apache Auth Module SQL Injection
redhat via4
advisories
rhsa
id RHSA-2001:124
refmap via4
bid
  • 3251
  • 3253
bugtraq 20010829 RUS-CERT Advisory 2001-08:01
conectiva CLA-2001:427
freebsd FreeBSD-SA-02:03
vulnwatch 20010829 [VulnWatch] RUS-CERT Advisory 2001-08:01
xf
  • apache-postgresql-authentication-module(7054)
  • apache-postgresqlsys-authentication-module(7059)
Last major update 28-11-2016 - 14:06
Published 29-08-2001 - 00:00
Last modified 10-07-2017 - 21:29
Back to Top