CVE-2005-1344

Published: 02/05/2005 Updated: 10/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Buffer overflow in htdigest in Apache 2.0.52 may allow malicious users to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Vulnerable Product

apache http server 2.0.52

Vendor Advisories

Luca Ercoli discovered that the “htdigest” program did not perform any bounds checking when it copied the “user” and “realm” arguments into local buffers. If this program is used in remotely callable CGI scripts, this could be exploited by a remote attacker to execute arbitrary code with the privileges of the CGI script ...

Exploits

source: www.securityfocus.com/bid/13537/info A buffer overflow vulnerability exists in the htdigest utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied realm data into local buffers. By supplying an overly long realm value to the command line options of htdigest, it is possible to ...