CVE-2004-0811 - Impoundable Authorization
Description
Unknown vulnerability in Apache 2.0.51 prevents \the merging of the Satisfy directive\ which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
Reference
http://www.apacheweek.com/features/security-20 http://www.apache.org/dist/httpd/patches/apply_to_2.0.51/CAN-2004-0811.patch http://fedoranews.org/updates/FEDORA-2004-313.shtml http://security.gentoo.org/glsa/glsa-200409-33.xml http://www.trustix.org/errata/2004/0049 http://www.securityfocus.com/bid/11239 https://exchange.xforce.ibmcloud.com/vulnerabilities/17473 https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E