CVE-2004-0811 - Impoundable Authorization

Description

Unknown vulnerability in Apache 2.0.51 prevents \the merging of the Satisfy directive\ which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.

Reference

http://www.apacheweek.com/features/security-20 http://www.apache.org/dist/httpd/patches/apply_to_2.0.51/CAN-2004-0811.patch http://fedoranews.org/updates/FEDORA-2004-313.shtml http://security.gentoo.org/glsa/glsa-200409-33.xml http://www.trustix.org/errata/2004/0049 http://www.securityfocus.com/bid/11239 https://exchange.xforce.ibmcloud.com/vulnerabilities/17473 https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E