1. CVE-Search
  2. CVE-2002-1233
ID CVE-2002-1233
Summary A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.20:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.20:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.22:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.22:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.23:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.23:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.24:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.24:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.25:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.25:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.26:*:win32:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.26:*:win32:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2016 - 02:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:P/A:N
refmap via4
bid
  • 5981
  • 5990
bugtraq 20021016 Apache 1.3.26
debian
  • DSA-187
  • DSA-188
  • DSA-195
xf
  • apache-htdigest-tmpfile-race(10413)
  • apache-htpasswd-tmpfile-race(10412)
Last major update 18-10-2016 - 02:25
Published 04-11-2002 - 05:00
Last modified 18-10-2016 - 02:25
Back to Top