ID CVE-2004-0811
Summary Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 11239
confirm
fedora FEDORA-2004-313
gentoo GLSA-200409-33
mlist
  • [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
trustix 2004-0049
xf apache-satisfy-gain-access(17473)
statements via4
  • contributor Mark J Cox
    lastmodified 2008-07-02
    organization Apache
    statement Fixed in Apache HTTP Server 2.0.52: http://httpd.apache.org/security/vulnerabilities_20.html
  • contributor Mark J Cox
    lastmodified 2006-08-31
    organization Red Hat
    statement Not Vulnerable. This issue only affected Apache 2.0.51, which was not shipped in any version of Red Hat Enterprise Linux.
Last major update 11-07-2017 - 01:30
Published 31-12-2004 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top