Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
BID:9933
Info
Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| Bugtraq ID: | 9933 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2004 12:00AM |
| Updated: | Sep 11 2006 06:48PM |
| Credit: | Discovery is credited to Andreas Steinmetz <[email protected]>. |
| Vulnerable: |
Sun Solaris 10.0_x86 Sun Solaris 10.0 Sun Solaris 10 Apache Apache 2.0.49 Apache Apache 2.0.48 Apache Apache 2.0.47 Apache Apache 2.0.46 Apache Apache 2.0.45 Apache Apache 2.0.44 Apache Apache 2.0.43 Apache Apache 2.0.42 Apache Apache 2.0.41 Apache Apache 2.0.40 Apache Apache 2.0.39 Apache Apache 2.0.38 Apache Apache 2.0.37 Apache Apache 2.0.36 Apache Apache 2.0.35 Apache Apache 2.0.32 Apache Apache 2.0.28 Beta Apache Apache 2.0.28 Apache Apache 2.0 a9 Apache Apache 2.0 |
| Not Vulnerable: | |
Discussion
Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
Apache's mod_disk_cache module is reported to be prone to a weakness that could result in an attacker gaining access to proxy or standard authentication credentials. The mod_disk_cache module is reported to store HTTP hop-by-hop headers including user login and password information in plaintext format on disk.
An attacker could use this issue in conjunction with other possible vulnerabilities in a host to gain access to user authentication credentials. Successful exploitation of this issue may lead to further attacks against vulnerable users of the affected host.
Apache versions 2.0.49 and prior with mod_disk_cache enabled are assumed to be affected by this issue.
Apache's mod_disk_cache module is reported to be prone to a weakness that could result in an attacker gaining access to proxy or standard authentication credentials. The mod_disk_cache module is reported to store HTTP hop-by-hop headers including user login and password information in plaintext format on disk.
An attacker could use this issue in conjunction with other possible vulnerabilities in a host to gain access to user authentication credentials. Successful exploitation of this issue may lead to further attacks against vulnerable users of the affected host.
Apache versions 2.0.49 and prior with mod_disk_cache enabled are assumed to be affected by this issue.
Exploit / POC
Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
There is no exploit required; this issue will depend on the mod_disk_cache module being enabled.
There is no exploit required; this issue will depend on the mod_disk_cache module being enabled.
Solution / Fix
Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
Solution:
Please see the referenced vendor advisories for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Sun Solaris 10.0_x86
Sun Solaris 10
Solution:
Please see the referenced vendor advisories for more information.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Sun Solaris 10.0_x86
Sun Solaris 10
References
Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
References:
References:
- Apache Homepage (Apache Software Foundation)
- Sun Alert ID: 102198 Security Vulnerabilities in the Apache 2 Web Server (Sun)
- Apache mod_disk_cache stores client authentication credentials on disk (Andreas Steinmetz