CVE-2010-1151

{"id": "CVE-2010-1151", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-04-20T16:30:00.553", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/39823", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:081", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/39538", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/0908", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1148", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=578168", "tags": ["Patch"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials."}, {"lang": "es", "value": "Condici\u00f3n de carrera en el m\u00f3dulo mod_auth_shadow del servidor HTTP Apache permite a atacantes remotos evitar la autenticaci\u00f3n, leer y posiblemente modificar datos, a trav\u00e9s de vectores de ataque relacionados con errores en la interacci\u00f3n con una aplicaci\u00f3n de ayuda externa para la validaci\u00f3n de las credenciales."}], "lastModified": "2010-05-27T05:49:09.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:apache_http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "180ABE44-C676-44DC-9461-6B70A055D50D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}