Published: 12/03/2001 Updated: 09/10/2020

CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4

VMScore: 294

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server 1.3.14
apache http server 2.0
debian debian linux 2.2

WireX have found some occurrences of insecure opening of temporary files in htdigest and htpasswd Both programs are not installed setuid or setgid and thus the impact should be minimal The Apache group has released another security bugfix which fixes a vulnerability in mod_rewrite which may result the remote attacker to access arbitrary files on ...

According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache server package, a commonly used webserver Most of the code is shared between the Apache and Apache-Perl packages, so vulnerabilities are shared as well These vulnerabilities could allow an attacker to enact a denial of ser ...

According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well These vulnerabilities could allow an attacker to enact a denial of service aga ...

CWE-59 http://www.securityfocus.com/bid/2182 http://www.debian.org/security/2001/dsa-021 http://marc.info/?l=bugtraq&m=97916374410647&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/5926 https://nvd.nist.gov https://www.debian.org/security/./dsa-021

CVE-2001-0131

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect