{"id":"MGASA-2015-0011","summary":"Updated apache packages fix CVE-2014-8109","details":"Updated apache packages fix security vulnerability:\n\nmod_lua.c in the mod_lua module in the Apache HTTP Server through 2.4.10 does\nnot support an httpd configuration in which the same Lua authorization\nprovider is used with different arguments within different contexts, which\nallows remote attackers to bypass intended access restrictions in\nopportunistic circumstances by leveraging multiple Require directives, as\ndemonstrated by a configuration that specifies authorization for one group to\naccess a certain directory, and authorization for a second group to access a\nsecond directory (CVE-2014-8109).\n","modified":"2026-04-16T06:25:13.324798206Z","published":"2015-01-07T16:32:10Z","upstream":["CVE-2014-8109"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0011.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14916"},{"type":"ADVISORY","url":"http://www.cvedetails.com/cve/CVE-2014-8109/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-12/msg00108.html"}],"affected":[{"package":{"name":"apache","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/apache?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.7-5.5.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0011.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}