NA
CVSSv3

CVE-2002-1233

CVSSv4: NA | CVSSv3: NA | CVSSv2: 2.6 | VMScore: 360 | EPSS: 0.00044 | KEV: Not Included
Published: 04/11/2002 Updated: 20/11/2024

Vulnerability Summary

A regression error in the Debian distributions of the apache-ssl package (prior to 1.3.9 on Debian 2.2, and prior to 1.3.26 on Debian 3.0), for Apache 1.3.27 and previous versions, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 1.3.17

apache http server 1.3.18

apache http server 1.3.19

apache http server 1.3.20

apache http server 1.3.22

apache http server 1.3.23

apache http server 1.3.24

apache http server 1.3.25

apache http server 1.3.26

apache http server 1.3.27

Vendor Advisories

According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well These vulnerabilities could allow an attacker to enact a denial of service aga ...
According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache server package, a commonly used webserver Most of the code is shared between the Apache and Apache-Perl packages, so vulnerabilities are shared as well These vulnerabilities could allow an attacker to enact a denial of ser ...