Info

Disclosure

Mar 20, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Apache contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when mod_disk_cache is enabled and stores all client authentication credentials for cached objects on disk, which will disclose authentication information resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Apache Software Foundation	Apache	2.0.40
		2.0.42
		2.0.43
		2.0.44
		2.0.45
		2.0.46
		2.0.47
		2.0.48
		2.0.49

References

Security Tracker: 1009509
Secunia Advisory ID: 11176 19072
ISS X-Force ID: 15547
CVE ID: 2004-1834 (see also: NVD)
Bugtraq ID: 9933
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0203.html
Vendor URL: http://httpd.apache.org/
Packet Storm: http://packetstormsecurity.nl/0403-advisories/moddiskcache.txt
Vendor Specific Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1
http://www.linuxsecurity.com/advisories/gentoo_advisory-4156.html

Credit

Andreas Steinmetz - astdomdv.de -

Direct URL: http://osvdb.org/4446

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apache Software Foundation

Apache

References

Credit