Vulnerability Details : CVE-2010-1151
Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
Exploit prediction scoring system (EPSS) score for CVE-2010-1151
Probability of exploitation activity in the next 30 days: 0.37%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1151
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2010-1151
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1151
-
http://www.securityfocus.com/bid/39538
Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html
[SECURITY] Fedora 12 Update: mod_auth_shadow-2.2-8.fc12
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:081
mandriva.com
-
http://www.vupen.com/english/advisories/2010/0908
Webmail | OVH- OVH
-
http://www.vupen.com/english/advisories/2010/1148
Webmail | OVH- OVH
-
https://bugzilla.redhat.com/show_bug.cgi?id=578168
578168 – (CVE-2010-1151) CVE-2010-1151 mod_auth_shadow: bad wait(2) call causes randomized authorization behaviourPatch
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html
[SECURITY] Fedora 11 Update: mod_auth_shadow-2.2-8.fc11
Products affected by CVE-2010-1151
- cpe:2.3:a:apache:apache_http_server:*:*:*:*:*:*:*:*