Title: MySQLDumper Apache Access Control Authentication Bypass Vulnerability
Severity: HIGH
Description:
MySQLDumper is an open-source backup application implemented in PHP.
MySQLDumper is prone to an authentication-bypass vulnerability due to a configuration error in the Apache access control files.
Specifically, the vulnerability stems from the use of the '<Limit GET>' directive in the '.htaccess' Apache access control file created by the application. This causes Apache to require authentication for HTTP GET requests only. An attacker may bypass the authentication using an HTTP POST request.
Attackers can exploit this issue to remove the Apache access control files, to gain access to protected files, and to compromise the affected application.
Affected Products:
- MySQLDumper MySQLDumper 1.21b
- MySQLDumper MySQLDumper 1.22
- MySQLDumper MySQLDumper 1.23_pre_release_REV22
- MySQLDumper MySQLDumper Typo3-Extension 0.0.5
References:
- MySQLDumper: MySQLDumper Home Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
