MGASA-2015-0011

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0011.html

Import Source

https://advisories.mageia.org/MGASA-2015-0011.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0011

Related

CVE-2014-8109

Published

2015-01-07T16:32:10Z

Modified

2015-01-07T16:24:30Z

Summary

Updated apache packages fix CVE-2014-8109

Details

Updated apache packages fix security vulnerability:

modlua.c in the modlua module in the Apache HTTP Server through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory (CVE-2014-8109).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / apache

Package

Name: apache
Purl: pkg:rpm/mageia/apache?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.7-5.5.mga4

Ecosystem specific

{
    "section": "core"
}