← back
CVE-2008-2384

CVE-2008-2384

EPSS 1.9%
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patchhttp://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.htmlhttp://openwall.com/lists/oss-security/2009/01/21/10https://bugzilla.redhat.com/show_bug.cgi?id=480238http://secunia.com/advisories/33627http://secunia.com/advisories/43302https://exchange.xforce.ibmcloud.com/vulnerabilities/48163https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10172http://www.redhat.com/support/errata/RHSA-2009-0259.htmlhttp://www.redhat.com/support/errata/RHSA-2010-1002.htmlhttp://www.securityfocus.com/bid/33392