CVE-2014-8109
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
El módulo mod_lua.c en el módulo mod_lua en Apache HTTP Server 2.3.x y 2.4.x a través de 2.4.10 no soporta la configuración httpd en la cual el proveedor de autorización Lua se usa con argumentos diferentes dentro de contextos diferentes, lo que permite a atacantes remotos saltarse las restricciones de acceso en ciertas circunstancias aprovechando múltiples directivas requeridas, como se demuestra por una configuración que especifica la autorización para un grupo para acceder a un directorio determinado, y una autorización para un segundo grupo para acceder a un segundo directorio.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-10-10 CVE Reserved
- 2014-12-29 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (25)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1174077 | 2023-02-13 | |
https://github.com/apache/httpd/commit/3f1693d558d0758f829c8b53993f1749ddf6ffcb | 2023-02-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.1 Search vendor "Apache" for product "Http Server" and version "2.4.1" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.2 Search vendor "Apache" for product "Http Server" and version "2.4.2" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.3 Search vendor "Apache" for product "Http Server" and version "2.4.3" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.4 Search vendor "Apache" for product "Http Server" and version "2.4.4" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.6 Search vendor "Apache" for product "Http Server" and version "2.4.6" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.7 Search vendor "Apache" for product "Http Server" and version "2.4.7" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.9 Search vendor "Apache" for product "Http Server" and version "2.4.9" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.10 Search vendor "Apache" for product "Http Server" and version "2.4.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 21 Search vendor "Fedoraproject" for product "Fedora" and version "21" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | < 12.1.4 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version " < 12.1.4" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.2.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.2.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.2.1 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.2.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.3.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.3.0" | - |
Affected
|