{"id": "CVE-2002-1233", "bulletinFamily": "NVD", "title": "CVE-2002-1233", "description": "A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.", "published": "2002-11-04T00:00:00", "modified": "2016-10-17T22:25:03", "cvss": {"score": 2.6, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1233", "reporter": "NVD", "references": ["http://www.debian.org/security/2002/dsa-188", "http://marc.info/?l=bugtraq&m=103480856102007&w=2", "http://www.securityfocus.com/bid/5990", "http://www.debian.org/security/2002/dsa-187", "http://www.iss.net/security_center/static/10413.php", "http://www.iss.net/security_center/static/10412.php", "http://www.debian.org/security/2002/dsa-195", "http://www.securityfocus.com/bid/5981"], "cvelist": ["CVE-2002-1233"], "type": "cve", "lastseen": "2017-04-18T15:49:49", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:apache:http_server:1.3.27", "cpe:/a:apache:http_server:1.3.24", "cpe:/a:apache:http_server:1.3.22", "cpe:/a:apache:http_server:1.3.19::win32", "cpe:/a:apache:http_server:1.3.17", "cpe:/a:apache:http_server:1.3.24::win32", "cpe:/a:apache:http_server:1.3.25::win32", "cpe:/a:apache:http_server:1.3.22::win32", "cpe:/a:apache:http_server:1.3.17::win32", "cpe:/a:apache:http_server:1.3.20", "cpe:/a:apache:http_server:1.3.19", "cpe:/a:apache:http_server:1.3.25", "cpe:/a:apache:http_server:1.3.26", "cpe:/a:apache:http_server:1.3.23::win32", "cpe:/a:apache:http_server:1.3.18", "cpe:/a:apache:http_server:1.3.18::win32", "cpe:/a:apache:http_server:1.3.23", "cpe:/a:apache:http_server:1.3.20::win32", "cpe:/a:apache:http_server:1.3.26::win32"], "cvelist": ["CVE-2002-1233"], "cvss": {"score": 2.6, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "description": "A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.", "edition": 1, "hash": "5e241cfa8bde1c117e233e713397c2c6e84d95910285f71d72212867992c7e97", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "1fba4fa198659aeceda629d614011034", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "d89b62d45b32dcd2b4093a51e5c401e7", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e7f79ba4d0f49b163ca4092509681445", "key": "href"}, {"hash": "f50b8bb0539953dc06767983e2e0e02c", "key": "cpe"}, {"hash": "91983c353faae6c59f77d277ee200403", "key": "published"}, {"hash": "06339adbb6cd551a1df0bfba99640d49", "key": "cvelist"}, {"hash": "ba122b1317b1a1d0b63d5848a61e144e", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "8ad198357bfac8d201698d794b1d037f", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "77c78fdb523f5c40ec2fba9235e10943", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1233", "id": "CVE-2002-1233", "lastseen": "2016-09-03T03:34:15", "modified": "2008-09-10T15:14:06", "objectVersion": "1.2", "published": "2002-11-04T00:00:00", "references": ["http://www.debian.org/security/2002/dsa-188", "http://www.securityfocus.com/bid/5990", "http://www.debian.org/security/2002/dsa-187", "http://www.iss.net/security_center/static/10413.php", "http://www.iss.net/security_center/static/10412.php", "http://www.debian.org/security/2002/dsa-195", "http://www.securityfocus.com/bid/5981", "http://marc.theaimsgroup.com/?l=bugtraq&m=103480856102007&w=2"], "reporter": "NVD", "scanner": [], "title": "CVE-2002-1233", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T03:34:15"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f50b8bb0539953dc06767983e2e0e02c"}, {"key": "cvelist", "hash": "06339adbb6cd551a1df0bfba99640d49"}, {"key": "cvss", "hash": "8ad198357bfac8d201698d794b1d037f"}, {"key": "description", "hash": "d89b62d45b32dcd2b4093a51e5c401e7"}, {"key": "href", "hash": "e7f79ba4d0f49b163ca4092509681445"}, {"key": "modified", "hash": "869e7cce82fc7f3204ccb58cd6530a0a"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "91983c353faae6c59f77d277ee200403"}, {"key": "references", "hash": "8b436196e64259f93f523ecef260b46b"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "77c78fdb523f5c40ec2fba9235e10943"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ab793c058de6d333ffa6089daf28192f0f01af2dd084862cda6585d193babab3", "viewCount": 1, "objectVersion": "1.2", "cpe": ["cpe:/a:apache:http_server:1.3.27", "cpe:/a:apache:http_server:1.3.24", "cpe:/a:apache:http_server:1.3.22", "cpe:/a:apache:http_server:1.3.19::win32", "cpe:/a:apache:http_server:1.3.17", "cpe:/a:apache:http_server:1.3.24::win32", "cpe:/a:apache:http_server:1.3.25::win32", "cpe:/a:apache:http_server:1.3.22::win32", "cpe:/a:apache:http_server:1.3.17::win32", "cpe:/a:apache:http_server:1.3.20", "cpe:/a:apache:http_server:1.3.19", "cpe:/a:apache:http_server:1.3.25", "cpe:/a:apache:http_server:1.3.26", "cpe:/a:apache:http_server:1.3.23::win32", "cpe:/a:apache:http_server:1.3.18", "cpe:/a:apache:http_server:1.3.18::win32", "cpe:/a:apache:http_server:1.3.23", "cpe:/a:apache:http_server:1.3.20::win32", "cpe:/a:apache:http_server:1.3.26::win32"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": [], "enchantments": {"score": {"value": 2.1, "vector": "NONE", "modified": "2017-04-18T15:49:49"}, "vulnersScore": 2.1}}

{"osvdb": [{"lastseen": "2017-04-28T13:20:04", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://httpd.apache.org/\n[Related OSVDB ID: 9697](https://vulners.com/osvdb/OSVDB:9697)\nISS X-Force ID: 5926\nISS X-Force ID: 10413\n[CVE-2002-1233](https://vulners.com/cve/CVE-2002-1233)\n[CVE-2001-0131](https://vulners.com/cve/CVE-2001-0131)\nBugtraq ID: 2182\n", "reporter": "OSVDB", "published": "2001-01-10T00:00:00", "title": "Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2001-0131", "CVE-2002-1233"], "modified": "2001-01-10T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:9696", "id": "OSVDB:9696", "cvss": {"score": 2.6, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:04", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://httpd.apache.org/\n[Related OSVDB ID: 9696](https://vulners.com/osvdb/OSVDB:9696)\nISS X-Force ID: 5926\nISS X-Force ID: 10413\n[CVE-2002-1233](https://vulners.com/cve/CVE-2002-1233)\n[CVE-2001-0131](https://vulners.com/cve/CVE-2001-0131)\nBugtraq ID: 2182\n", "reporter": "OSVDB", "published": "2001-01-10T00:00:00", "title": "Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "affectedSoftware": [], "bulletinFamily": "software", "cvelist": ["CVE-2001-0131", "CVE-2002-1233"], "modified": "2001-01-10T00:00:00", "id": "OSVDB:9697", "href": "https://vulners.com/osvdb/OSVDB:9697", "cvss": {"score": 2.6, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:48:38", "references": ["http://www.debian.org/security/2002/dsa-195"], "pluginID": "15032", "description": "According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache server package, a commonly used webserver. Most of the code is shared between the Apache and Apache-Perl packages, so vulnerabilities are shared as well.\n\nThese vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross site scripting attack, or steal cookies from other website users. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities :\n\n - CAN-2002-0839: A vulnerability exists on platforms using System V shared memory based scoreboards. This vulnerability allows an attacker to execute code under the Apache UID to exploit the Apache shared memory scoreboard format and send a signal to any process as root or cause a local denial of service attack.\n - CAN-2002-0840: Apache is susceptible to a cross site scripting vulnerability in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups.\n\n - CAN-2002-0843: There were some possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server. No such binary programs are distributed by the Apache-Perl package, though.\n\n - CAN-2002-1233: A race condition in the htpasswd and htdigest program enables a malicious local user to read or even modify the contents of a password file or easily create and overwrite files as the user running the htpasswd (or htdigest respectively) program. No such binary programs are distributed by the Apache-Perl package, though.\n\n - CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. No such binary programs are distributed by the Apache-Perl package, though.\n\n - NO-CAN: Several buffer overflows have been found in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings. No such binary programs are distributed by the Apache-Perl package, though.\n\nThese problems have been fixed in version 1.3.26-1-1.26-0woody2 for the current stable distribution (woody), in 1.3.9-14.1-1.21.20000309-1.1 for the old stable distribution (potato) and in version 1.3.26-1.1-1.27-3-1 for the unstable distribution (sid).", "edition": 5, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-195-1 : apache-perl - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0131", "CVE-2002-0843", "CVE-2002-0840", "CVE-2002-1233", "CVE-2002-0839"], "modified": "2018-07-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:apache-perl"], "id": "DEBIAN_DSA-195.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15032", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-195. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15032);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/07/20 2:17:10\");\n\n script_cve_id(\"CVE-2001-0131\", \"CVE-2002-0839\", \"CVE-2002-0840\", \"CVE-2002-0843\", \"CVE-2002-1233\");\n script_bugtraq_id(5847, 5884, 5887, 5995);\n script_xref(name:\"DSA\", value:\"195\");\n\n script_name(english:\"Debian DSA-195-1 : apache-perl - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"According to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several vulnerabilities have been found in the Apache server\npackage, a commonly used webserver. Most of the code is shared between\nthe Apache and Apache-Perl packages, so vulnerabilities are shared as\nwell.\n\nThese vulnerabilities could allow an attacker to enact a denial of\nservice against a server or execute a cross site scripting attack, or\nsteal cookies from other website users. The Common Vulnerabilities and\nExposures (CVE) project identified the following vulnerabilities :\n\n - CAN-2002-0839: A vulnerability exists on platforms using\n System V shared memory based scoreboards. This\n vulnerability allows an attacker to execute code under\n the Apache UID to exploit the Apache shared memory\n scoreboard format and send a signal to any process as\n root or cause a local denial of service attack.\n - CAN-2002-0840: Apache is susceptible to a cross site\n scripting vulnerability in the default 404 page of any\n web server hosted on a domain that allows wildcard DNS\n lookups.\n\n - CAN-2002-0843: There were some possible overflows in the\n utility ApacheBench (ab) which could be exploited by a\n malicious server. No such binary programs are\n distributed by the Apache-Perl package, though.\n\n - CAN-2002-1233: A race condition in the htpasswd and\n htdigest program enables a malicious local user to read\n or even modify the contents of a password file or easily\n create and overwrite files as the user running the\n htpasswd (or htdigest respectively) program. No such\n binary programs are distributed by the Apache-Perl\n package, though.\n\n - CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9,\n 1.3.14, and others allows local users to overwrite\n arbitrary files via a symlink attack. No such binary\n programs are distributed by the Apache-Perl package,\n though.\n\n - NO-CAN: Several buffer overflows have been found in the\n ApacheBench (ab) utility that could be exploited by a\n remote server returning very long strings. No such\n binary programs are distributed by the Apache-Perl\n package, though.\n\nThese problems have been fixed in version 1.3.26-1-1.26-0woody2 for\nthe current stable distribution (woody), in\n1.3.9-14.1-1.21.20000309-1.1 for the old stable distribution (potato)\nand in version 1.3.26-1.1-1.27-3-1 for the unstable distribution\n(sid).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-195\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the Apache-Perl package immediately.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"apache-perl\", reference:\"1.3.9-14.1-1.21.20000309-1.1\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"apache-perl\", reference:\"1.3.26-1-1.26-0woody2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:45:14", "references": ["http://www.debian.org/security/2002/dsa-187"], "pluginID": "15024", "description": "According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several remotely exploitable vulnerabilities have been found in the Apache package, a commonly used webserver. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross scripting attack. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities :\n\n - CAN-2002-0839: A vulnerability exists on platforms using System V shared memory based scoreboards. This vulnerability allows an attacker to execute code under the Apache UID to exploit the Apache shared memory scoreboard format and send a signal to any process as root or cause a local denial of service attack.\n - CAN-2002-0840: Apache is susceptible to a cross site scripting vulnerability in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups.\n\n - CAN-2002-0843: There were some possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server.\n\n - CAN-2002-1233: A race condition in the htpasswd and htdigest program enables a malicious local user to read or even modify the contents of a password file or easily create and overwrite files as the user running the htpasswd (or htdigest respectively) program.\n\n - CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.\n\n This is the same vulnerability as CAN-2002-1233, which was fixed in potato already but got lost later and was never applied upstream.\n\n - NO-CAN: Several buffer overflows have been found in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings.\nThese problems have been fixed in version 1.3.26-0woody3 for the current stable distribution (woody) and in 1.3.9-14.3 for the old stable distribution (potato). Corrected packages for the unstable distribution (sid) are expected soon.", "edition": 6, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-187-1 : apache - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0131", "CVE-2002-0843", "CVE-2002-0840", "CVE-2002-1233", "CVE-2002-0839"], "modified": "2018-07-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:apache"], "id": "DEBIAN_DSA-187.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15024", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-187. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15024);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2018/07/20 2:17:10\");\n\n script_cve_id(\"CVE-2001-0131\", \"CVE-2002-0839\", \"CVE-2002-0840\", \"CVE-2002-0843\", \"CVE-2002-1233\");\n script_bugtraq_id(2182, 5847, 5884, 5887, 5995);\n script_xref(name:\"DSA\", value:\"187\");\n\n script_name(english:\"Debian DSA-187-1 : apache - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"According to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several remotely exploitable vulnerabilities have been found\nin the Apache package, a commonly used webserver. These\nvulnerabilities could allow an attacker to enact a denial of service\nagainst a server or execute a cross scripting attack. The Common\nVulnerabilities and Exposures (CVE) project identified the following\nvulnerabilities :\n\n - CAN-2002-0839: A vulnerability exists on platforms using\n System V shared memory based scoreboards. This\n vulnerability allows an attacker to execute code under\n the Apache UID to exploit the Apache shared memory\n scoreboard format and send a signal to any process as\n root or cause a local denial of service attack.\n - CAN-2002-0840: Apache is susceptible to a cross site\n scripting vulnerability in the default 404 page of any\n web server hosted on a domain that allows wildcard DNS\n lookups.\n\n - CAN-2002-0843: There were some possible overflows in the\n utility ApacheBench (ab) which could be exploited by a\n malicious server.\n\n - CAN-2002-1233: A race condition in the htpasswd and\n htdigest program enables a malicious local user to read\n or even modify the contents of a password file or easily\n create and overwrite files as the user running the\n htpasswd (or htdigest respectively) program.\n\n - CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9,\n 1.3.14, and others allows local users to overwrite\n arbitrary files via a symlink attack.\n\n This is the same vulnerability as CAN-2002-1233, which\n was fixed in potato already but got lost later and was\n never applied upstream.\n\n - NO-CAN: Several buffer overflows have been found in the\n ApacheBench (ab) utility that could be exploited by a\n remote server returning very long strings.\nThese problems have been fixed in version 1.3.26-0woody3 for the\ncurrent stable distribution (woody) and in 1.3.9-14.3 for the old\nstable distribution (potato). Corrected packages for the unstable\ndistribution (sid) are expected soon.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-187\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the Apache package immediately.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"apache\", reference:\"1.3.9-14.3\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"apache-common\", reference:\"1.3.9-14.3\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"apache-dev\", reference:\"1.3.9-14.3\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"apache-doc\", reference:\"1.3.9-14.3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"apache\", reference:\"1.3.26-0woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"apache-common\", reference:\"1.3.26-0woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"apache-dev\", reference:\"1.3.26-0woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"apache-doc\", reference:\"1.3.26-0woody3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:06:46", "references": ["http://www.debian.org/security/2002/dsa-188"], "pluginID": "15025", "description": "According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver. Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross scripting attack, or steal cookies from other web site users. Vulnerabilities in the included legacy programs htdigest, htpasswd and ApacheBench can be exploited when called via CGI. Additionally the insecure temporary file creation in htdigest and htpasswd can also be exploited locally.\nThe Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities :\n\n - CAN-2002-0839: A vulnerability exists on platforms using System V shared memory based scoreboards. This vulnerability allows an attacker to execute code under the Apache UID to exploit the Apache shared memory scoreboard format and send a signal to any process as root or cause a local denial of service attack.\n - CAN-2002-0840: Apache is susceptible to a cross site scripting vulnerability in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups.\n\n - CAN-2002-0843: There were some possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server.\n\n - CAN-2002-1233: A race condition in the htpasswd and htdigest program enables a malicious local user to read or even modify the contents of a password file or easily create and overwrite files as the user running the htpasswd (or htdigest respectively) program. (binaries not included in apache-ssl package though)\n\n - CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.\n\n This is the same vulnerability as CAN-2002-1233, which was fixed in potato already but got lost later and was never applied upstream. (binaries not included in apache-ssl package though)\n\n - NO-CAN: Several buffer overflows have been found in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings. (binary not included in apache-ssl package though) These problems have been fixed in version 1.3.26.1+1.48-0woody3 for the current stable distribution (woody) and in 1.3.9.13-4.2 for the old stable distribution (potato). Corrected packages for the unstable distribution (sid) are expected soon.", "edition": 5, "reporter": "Tenable", "published": "2004-09-29T00:00:00", "title": "Debian DSA-188-1 : apache-ssl - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0131", "CVE-2002-0843", "CVE-2002-0840", "CVE-2002-1233", "CVE-2002-0839"], "modified": "2018-07-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "p-cpe:/a:debian:debian_linux:apache-ssl", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-188.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=15025", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-188. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(15025);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/07/20 2:17:10\");\n\n script_cve_id(\"CVE-2001-0131\", \"CVE-2002-0839\", \"CVE-2002-0840\", \"CVE-2002-0843\", \"CVE-2002-1233\");\n script_bugtraq_id(5847, 5884, 5887, 5995);\n script_xref(name:\"DSA\", value:\"188\");\n\n script_name(english:\"Debian DSA-188-1 : apache-ssl - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"According to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several vulnerabilities have been found in the Apache\npackage, a commonly used webserver. Most of the code is shared between\nthe Apache and Apache-SSL packages, so vulnerabilities are shared as\nwell. These vulnerabilities could allow an attacker to enact a denial\nof service against a server or execute a cross scripting attack, or\nsteal cookies from other web site users. Vulnerabilities in the\nincluded legacy programs htdigest, htpasswd and ApacheBench can be\nexploited when called via CGI. Additionally the insecure temporary\nfile creation in htdigest and htpasswd can also be exploited locally.\nThe Common Vulnerabilities and Exposures (CVE) project identified the\nfollowing vulnerabilities :\n\n - CAN-2002-0839: A vulnerability exists on platforms using\n System V shared memory based scoreboards. This\n vulnerability allows an attacker to execute code under\n the Apache UID to exploit the Apache shared memory\n scoreboard format and send a signal to any process as\n root or cause a local denial of service attack.\n - CAN-2002-0840: Apache is susceptible to a cross site\n scripting vulnerability in the default 404 page of any\n web server hosted on a domain that allows wildcard DNS\n lookups.\n\n - CAN-2002-0843: There were some possible overflows in the\n utility ApacheBench (ab) which could be exploited by a\n malicious server.\n\n - CAN-2002-1233: A race condition in the htpasswd and\n htdigest program enables a malicious local user to read\n or even modify the contents of a password file or easily\n create and overwrite files as the user running the\n htpasswd (or htdigest respectively) program. (binaries\n not included in apache-ssl package though)\n\n - CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9,\n 1.3.14, and others allows local users to overwrite\n arbitrary files via a symlink attack.\n\n This is the same vulnerability as CAN-2002-1233, which\n was fixed in potato already but got lost later and was\n never applied upstream. (binaries not included in\n apache-ssl package though)\n\n - NO-CAN: Several buffer overflows have been found in the\n ApacheBench (ab) utility that could be exploited by a\n remote server returning very long strings. (binary not\n included in apache-ssl package though)\nThese problems have been fixed in version 1.3.26.1+1.48-0woody3 for\nthe current stable distribution (woody) and in 1.3.9.13-4.2 for the\nold stable distribution (potato). Corrected packages for the unstable\ndistribution (sid) are expected soon.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2002/dsa-188\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the Apache-SSL package immediately.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:apache-ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"apache-ssl\", reference:\"1.3.9.13-4.2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"apache-ssl\", reference:\"1.3.26.1+1.48-0woody3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:30:10", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "arm", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_arm.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.1-1.21.20000309-1.1", "arch": "sparc", "packageFilename": "apache-perl_1.3.9-14.1-1.21.20000309-1.1_sparc.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.1-1.21.20000309-1.1", "arch": "alpha", "packageFilename": "apache-perl_1.3.9-14.1-1.21.20000309-1.1_alpha.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "src", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2.tar.gz", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "alpha", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_alpha.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.1-1.21.20000309-1.1", "arch": "ppc", "packageFilename": "apache-perl_1.3.9-14.1-1.21.20000309-1.1_powerpc.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "mipsel", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_mipsel.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "ia64", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_ia64.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "m68k", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_m68k.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.1-1.21.20000309-1.1", "arch": "src", "packageFilename": "apache-perl_1.3.9-14.1-1.21.20000309-1.1.dsc", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "mips", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_mips.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.1-1.21.20000309-1.1", "arch": "src", "packageFilename": "apache-perl_1.3.9-14.1-1.21.20000309-1.1.tar.gz", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "src", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2.dsc", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "ppc", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_powerpc.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "i686", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_i386.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.1-1.21.20000309-1.1", "arch": "i686", "packageFilename": "apache-perl_1.3.9-14.1-1.21.20000309-1.1_i386.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "s390x", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_s390.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.1-1.21.20000309-1.1", "arch": "m68k", "packageFilename": "apache-perl_1.3.9-14.1-1.21.20000309-1.1_m68k.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.1-1.21.20000309-1.1", "arch": "arm", "packageFilename": "apache-perl_1.3.9-14.1-1.21.20000309-1.1_arm.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "sparc", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_sparc.deb", "packageName": "apache-perl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-1-1.26-0woody2", "arch": "hppa", "packageFilename": "apache-perl_1.3.26-1-1.26-0woody2_hppa.deb", "packageName": "apache-perl", "operator": "lt"}], "description": "According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache server package, a commonly used webserver. Most of the code is shared between the Apache and Apache-Perl packages, so vulnerabilities are shared as well.\n\nThese vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross site scripting attack, or steal cookies from other web site users. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:\n\n 1. CAN-2002-0839: A vulnerability exists on platforms using System V shared memory based scoreboards. This vulnerability allows an attacker to execute code under the Apache UID to exploit the Apache shared memory scoreboard format and send a signal to any process as root or cause a local denial of service attack.\n 2. CAN-2002-0840: Apache is susceptible to a cross site scripting vulnerability in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups.\n 3. CAN-2002-0843: There were some possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server. No such binary programs are distributed by the Apache-Perl package, though.\n 4. CAN-2002-1233: A race condition in the htpasswd and htdigest program enables a malicious local user to read or even modify the contents of a password file or easily create and overwrite files as the user running the htpasswd (or htdigest respectively) program. No such binary programs are distributed by the Apache-Perl package, though.\n 5. CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. No such binary programs are distributed by the Apache-Perl package, though.\n 6. NO-CAN: Several buffer overflows have been found in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings. No such binary programs are distributed by the Apache-Perl package, though.\n\nThese problems have been fixed in version 1.3.26-1-1.26-0woody2 for the current stable distribution (woody), in 1.3.9-14.1-1.21.20000309-1.1 for the old stable distribution (potato) and in version 1.3.26-1.1-1.27-3-1 for the unstable distribution (sid).\n\nWe recommend that you upgrade your Apache-Perl package immediately.", "edition": 1, "reporter": "Debian", "published": "2002-11-13T00:00:00", "title": "apache-perl -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2001-0131", "CVE-2002-0843", "CVE-2002-0840", "CVE-2002-1233", "CVE-2002-0839"], "modified": "2002-11-13T00:00:00", "id": "DSA-195", "href": "http://www.debian.org/security/dsa-195", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:32:40", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.13-4.2", "arch": "m68k", "packageFilename": "apache-ssl_1.3.9.13-4.2_m68k.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.13-4.2", "arch": "i686", "packageFilename": "apache-ssl_1.3.9.13-4.2_i386.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.13-4.2.diff", "arch": "src", "packageFilename": "apache-ssl_1.3.9.13-4.2.diff.gz", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "s390x", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_s390.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "sparc", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_sparc.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.13-4.2", "arch": "alpha", "packageFilename": "apache-ssl_1.3.9.13-4.2_alpha.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "ia64", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_ia64.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.13-4.2", "arch": "sparc", "packageFilename": "apache-ssl_1.3.9.13-4.2_sparc.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "ppc", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_powerpc.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "i686", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_i386.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.13-4.2", "arch": "src", "packageFilename": "apache-ssl_1.3.9.13-4.2.dsc", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "m68k", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_m68k.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.13-4.2", "arch": "ppc", "packageFilename": "apache-ssl_1.3.9.13-4.2_powerpc.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "src", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3.dsc", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.13.orig", "arch": "src", "packageFilename": "apache-ssl_1.3.9.13.orig.tar.gz", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "mips", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_mips.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48.orig", "arch": "src", "packageFilename": "apache-ssl_1.3.26.1+1.48.orig.tar.gz", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "hppa", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_hppa.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "arm", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_arm.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.13-4.2", "arch": "arm", "packageFilename": "apache-ssl_1.3.9.13-4.2_arm.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "alpha", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_alpha.deb", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3.diff", "arch": "src", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3.diff.gz", "packageName": "apache-ssl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.1+1.48-0woody3", "arch": "mipsel", "packageFilename": "apache-ssl_1.3.26.1+1.48-0woody3_mipsel.deb", "packageName": "apache-ssl", "operator": "lt"}], "description": "According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several vulnerabilities have been found in the Apache package, a commonly used webserver. Most of the code is shared between the Apache and Apache-SSL packages, so vulnerabilities are shared as well. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross scripting attack, or steal cookies from other web site users. Vulnerabilities in the included legacy programs htdigest, htpasswd and ApacheBench can be exploited when called via CGI. Additionally the insecure temporary file creation in htdigest and htpasswd can also be exploited locally. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:\n\n 1. CAN-2002-0839: A vulnerability exists on platforms using System V shared memory based scoreboards. This vulnerability allows an attacker to execute code under the Apache UID to exploit the Apache shared memory scoreboard format and send a signal to any process as root or cause a local denial of service attack.\n 2. CAN-2002-0840: Apache is susceptible to a cross site scripting vulnerability in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups.\n 3. CAN-2002-0843: There were some possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server.\n 4. CAN-2002-1233: A race condition in the htpasswd and htdigest program enables a malicious local user to read or even modify the contents of a password file or easily create and overwrite files as the user running the htpasswd (or htdigest respectively) program. (binaries not included in apache-ssl package though)\n 5. CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. \n\nThis is the same vulnerability as CAN-2002-1233, which was fixed in potato already but got lost later and was never applied upstream. (binaries not included in apache-ssl package though)\n\n 6. NO-CAN: Several buffer overflows have been found in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings. (binary not included in apache-ssl package though)\n\nThese problems have been fixed in version 1.3.26.1+1.48-0woody3 for the current stable distribution (woody) and in 1.3.9.13-4.2 for the old stable distribution (potato). Corrected packages for the unstable distribution (sid) are expected soon.\n\nWe recommend that you upgrade your Apache-SSL package immediately.", "edition": 1, "reporter": "Debian", "published": "2002-11-05T00:00:00", "title": "apache-ssl -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2001-0131", "CVE-2002-0843", "CVE-2002-0840", "CVE-2002-1233", "CVE-2002-0839"], "modified": "2002-11-05T00:00:00", "id": "DSA-188", "href": "http://www.debian.org/security/dsa-188", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:20:26", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "sparc", "packageFilename": "apache-dev_1.3.9-14.3_sparc.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "alpha", "packageFilename": "apache_1.3.26-0woody3_alpha.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "i686", "packageFilename": "apache-common_1.3.9-14.3_i386.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "alpha", "packageFilename": "apache-common_1.3.26-0woody3_alpha.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "s390x", "packageFilename": "apache-dev_1.3.26-0woody3_s390.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "s390x", "packageFilename": "apache-common_1.3.26-0woody3_s390.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "s390x", "packageFilename": "apache_1.3.26-0woody3_s390.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "mipsel", "packageFilename": "apache_1.3.26-0woody3_mipsel.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "sparc", "packageFilename": "apache-dev_1.3.26-0woody3_sparc.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "alpha", "packageFilename": "apache-dev_1.3.26-0woody3_alpha.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "ia64", "packageFilename": "apache_1.3.26-0woody3_ia64.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "m68k", "packageFilename": "apache-dev_1.3.26-0woody3_m68k.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9.orig", "arch": "src", "packageFilename": "apache_1.3.9.orig.tar.gz", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "ppc", "packageFilename": "apache_1.3.9-14.3_powerpc.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "i686", "packageFilename": "apache-dev_1.3.26-0woody3_i386.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "mips", "packageFilename": "apache_1.3.26-0woody3_mips.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "m68k", "packageFilename": "apache_1.3.26-0woody3_m68k.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "arm", "packageFilename": "apache_1.3.9-14.3_arm.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "ppc", "packageFilename": "apache-dev_1.3.26-0woody3_powerpc.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "arm", "packageFilename": "apache-dev_1.3.26-0woody3_arm.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "mips", "packageFilename": "apache-dev_1.3.26-0woody3_mips.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "ppc", "packageFilename": "apache-common_1.3.9-14.3_powerpc.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "arm", "packageFilename": "apache-common_1.3.26-0woody3_arm.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "i686", "packageFilename": "apache_1.3.26-0woody3_i386.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "i686", "packageFilename": "apache_1.3.9-14.3_i386.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "mipsel", "packageFilename": "apache-dev_1.3.26-0woody3_mipsel.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "i686", "packageFilename": "apache-common_1.3.26-0woody3_i386.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "src", "packageFilename": "apache_1.3.9-14.3.dsc", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "all", "packageFilename": "apache-doc_1.3.26-0woody3_all.deb", "packageName": "apache-doc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "sparc", "packageFilename": "apache-common_1.3.26-0woody3_sparc.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "i686", "packageFilename": "apache-dev_1.3.9-14.3_i386.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "m68k", "packageFilename": "apache_1.3.9-14.3_m68k.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "ppc", "packageFilename": "apache-dev_1.3.9-14.3_powerpc.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "src", "packageFilename": "apache_1.3.26-0woody3.dsc", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "ia64", "packageFilename": "apache-dev_1.3.26-0woody3_ia64.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "m68k", "packageFilename": "apache-common_1.3.9-14.3_m68k.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "m68k", "packageFilename": "apache-common_1.3.26-0woody3_m68k.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "hppa", "packageFilename": "apache-common_1.3.26-0woody3_hppa.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "all", "packageFilename": "apache-doc_1.3.9-14.3_all.deb", "packageName": "apache-doc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "sparc", "packageFilename": "apache_1.3.9-14.3_sparc.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "ia64", "packageFilename": "apache-common_1.3.26-0woody3_ia64.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3.diff", "arch": "src", "packageFilename": "apache_1.3.9-14.3.diff.gz", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "sparc", "packageFilename": "apache-common_1.3.9-14.3_sparc.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "hppa", "packageFilename": "apache_1.3.26-0woody3_hppa.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "ppc", "packageFilename": "apache_1.3.26-0woody3_powerpc.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "arm", "packageFilename": "apache_1.3.26-0woody3_arm.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "mips", "packageFilename": "apache-common_1.3.26-0woody3_mips.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "ppc", "packageFilename": "apache-common_1.3.26-0woody3_powerpc.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "hppa", "packageFilename": "apache-dev_1.3.26-0woody3_hppa.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26.orig", "arch": "src", "packageFilename": "apache_1.3.26.orig.tar.gz", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "arm", "packageFilename": "apache-common_1.3.9-14.3_arm.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "alpha", "packageFilename": "apache-dev_1.3.9-14.3_alpha.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "sparc", "packageFilename": "apache_1.3.26-0woody3_sparc.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "m68k", "packageFilename": "apache-dev_1.3.9-14.3_m68k.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "alpha", "packageFilename": "apache-common_1.3.9-14.3_alpha.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "arm", "packageFilename": "apache-dev_1.3.9-14.3_arm.deb", "packageName": "apache-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3", "arch": "mipsel", "packageFilename": "apache-common_1.3.26-0woody3_mipsel.deb", "packageName": "apache-common", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "2.2", "packageVersion": "1.3.9-14.3", "arch": "alpha", "packageFilename": "apache_1.3.9-14.3_alpha.deb", "packageName": "apache", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.3.26-0woody3.diff", "arch": "src", "packageFilename": "apache_1.3.26-0woody3.diff.gz", "packageName": "apache", "operator": "lt"}], "description": "According to David Wagner, iDEFENSE and the Apache HTTP Server Project, several remotely exploitable vulnerabilities have been found in the Apache package, a commonly used webserver. These vulnerabilities could allow an attacker to enact a denial of service against a server or execute a cross scripting attack. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:\n\n 1. CAN-2002-0839: A vulnerability exists on platforms using System V shared memory based scoreboards. This vulnerability allows an attacker to execute code under the Apache UID to exploit the Apache shared memory scoreboard format and send a signal to any process as root or cause a local denial of service attack.\n 2. CAN-2002-0840: Apache is susceptible to a cross site scripting vulnerability in the default 404 page of any web server hosted on a domain that allows wildcard DNS lookups.\n 3. CAN-2002-0843: There were some possible overflows in the utility ApacheBench (ab) which could be exploited by a malicious server.\n 4. CAN-2002-1233: A race condition in the htpasswd and htdigest program enables a malicious local user to read or even modify the contents of a password file or easily create and overwrite files as the user running the htpasswd (or htdigest respectively) program.\n 5. CAN-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. \n\nThis is the same vulnerability as CAN-2002-1233, which was fixed in potato already but got lost later and was never applied upstream.\n\n 6. NO-CAN: Several buffer overflows have been found in the ApacheBench (ab) utility that could be exploited by a remote server returning very long strings.\n\nThese problems have been fixed in version 1.3.26-0woody3 for the current stable distribution (woody) and in 1.3.9-14.3 for the old stable distribution (potato). Corrected packages for the unstable distribution (sid) are expected soon.\n\nWe recommend that you upgrade your Apache package immediately.", "edition": 1, "reporter": "Debian", "published": "2002-11-04T00:00:00", "title": "apache -- several vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2001-0131", "CVE-2002-0843", "CVE-2002-0840", "CVE-2002-1233", "CVE-2002-0839"], "modified": "2002-11-04T00:00:00", "id": "DSA-187", "href": "http://www.debian.org/security/dsa-187", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:19", "references": [], "pluginID": "53738", "description": "The remote host is missing an update to apache-perl\nannounced via advisory DSA 195-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Debian Security Advisory DSA 195-1 (apache-perl)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0131", "CVE-2002-0843", "CVE-2002-0840", "CVE-2002-1233", "CVE-2002-0839"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53738", "id": "OPENVAS:53738", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_195_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 195-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"According to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several vulnerabilities have been found in the Apache server\npackage, a commonly used webserver. Most of the code is shared\nbetween the Apache and Apache-Perl packages, so vulnerabilities are\nshared as well.\n\nThese vulnerabilities could allow an attacker to enact a denial of\nservice against a server or execute a cross site scripting attack, or\nsteal cookies from other web site users. The Common Vulnerabilities\nand Exposures (CVE) project identified the following vulnerabilities:\n\n1. CVE-2002-0839: A vulnerability exists on platforms using System V\nshared memory based scoreboards. This vulnerability allows an\nattacker to execute code under the Apache UID to exploit the Apache\nshared memory scoreboard format and send a signal to any process as\nroot or cause a local denial of service attack.\n\n2. CVE-2002-0840: Apache is susceptible to a cross site scripting\nvulnerability in the default 404 page of any web server hosted on a\ndomain that allows wildcard DNS lookups.\n\n3. CVE-2002-0843: There were some possible overflows in the utility\nApacheBench (ab) which could be exploited by a malicious server.\nNo such binary programs are distributed by the Apache-Perl package,\nthough.\n\n4. CVE-2002-1233: A race condition in the htpasswd and htdigest\nprogram enables a malicious local user to read or even modify the\ncontents of a password file or easily create and overwrite files as\nthe user running the htpasswd (or htdigest respectively) program.\nNo such binary programs are distributed by the Apache-Perl package,\nthough.\n\n5. CVE-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and\nothers allows local users to overwrite arbitrary files via a\nsymlink attack. No such binary programs are distributed by the\nApache-Perl package, though.\n\n6. NO-CAN: Several buffer overflows have been found in the ApacheBench\n(ab) utility that could be exploited by a remote server returning\nvery long strings. No such binary programs are distributed by the\nApache-Perl package, though.\n\nThese problems have been fixed in version 1.3.26-1-1.26-0woody2 for\nthe current stable distribution (woody), in\n1.3.9-14.1-1.21.20000309-1.1 for the old stable distribution (potato)\nand in version 1.3.26-1.1-1.27-3-1 for the unstable distribution\n(sid).\n\nWe recommend that you upgrade your Apache-Perl package immediately.\";\ntag_summary = \"The remote host is missing an update to apache-perl\nannounced via advisory DSA 195-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20195-1\";\n\nif(description)\n{\n script_id(53738);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0839\", \"CVE-2002-0840\", \"CVE-2002-0843\", \"CVE-2001-0131\", \"CVE-2002-1233\");\n script_bugtraq_id(5847,5884,5887);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 195-1 (apache-perl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache-perl\", ver:\"1.3.9-14.1-1.21.20000309-1.1\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-perl\", ver:\"1.3.26-1-1.26-0woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:00", "references": [], "pluginID": "53735", "description": "The remote host is missing an update to apache\nannounced via advisory DSA 187-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "Debian Security Advisory DSA 187-1 (apache)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0131", "CVE-2002-0843", "CVE-2002-0840", "CVE-2002-1233", "CVE-2002-0839"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53735", "id": "OPENVAS:53735", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_187_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 187-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"According to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several remotely exploitable vulnerabilities have been found\nin the Apache package, a commonly used webserver. These\nvulnerabilities could allow an attacker to enact a denial of service\nagainst a server or execute a cross scripting attack. The Common\nVulnerabilities and Exposures (CVE) project identified the following\nvulnerabilities:\n\n1. CVE-2002-0839: A vulnerability exists on platforms using System V\nshared memory based scoreboards. This vulnerability allows an\nattacker who can execute under the Apache UID to exploit the Apache\nshared memory scoreboard format and send a signal to any process as\nroot or cause a local denial of service attack.\n\n2. CVE-2002-0840: Apache is susceptible to a cross site scripting\nvulnerability in the default 404 page of any web server hosted on a\ndomain that allows wildcard DNS lookups.\n\n3. CVE-2002-0843: There were some possible overflows in the utility\nApacheBench (ab) which could be exploited by a malicious server.\n\n4. CVE-2002-1233: A race condition in the htpasswd and htdigest\nprogram enables a malicious local user to read or even modify the\ncontents of a password file or easily create and overwrite files as\nthe user running the htpasswd (or htdigest respectively) program.\n\n5. CVE-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and\nothers allows local users to overwrite arbitrary files via a\nsymlink attack.\n\nThis is the same vulnerability as CVE-2002-1233, which was fixed in\npotato already but got lost later and was never applied upstream.\n\n5. NO-CAN: Several buffer overflows have been found in the ApacheBench\n(ab) utility that could be exploited by a remote server returning\nvery long strings.\n\nThese problems have been fixed in version 1.3.26-0woody3 for the\ncurrent stable distribution (woody) and in 1.3.9-14.3 for the old\nstable distribution (potato). Corrected packages for the unstable\ndistribution (sid) are expected soon.\n\nWe recommend that you upgrade your Apache package immediately.\";\ntag_summary = \"The remote host is missing an update to apache\nannounced via advisory DSA 187-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20187-1\";\n\nif(description)\n{\n script_id(53735);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0839\", \"CVE-2002-0840\", \"CVE-2002-0843\", \"CVE-2001-0131\", \"CVE-2002-1233\");\n script_bugtraq_id(5847,5884,5887);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 187-1 (apache)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache-doc\", ver:\"1.3.9-14.3\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache\", ver:\"1.3.9-14.3\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-common\", ver:\"1.3.9-14.3\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-dev\", ver:\"1.3.9-14.3\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-doc\", ver:\"1.3.26-0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache\", ver:\"1.3.26-0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-common\", ver:\"1.3.26-0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-dev\", ver:\"1.3.26-0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:23", "references": [], "pluginID": "53737", "description": "The remote host is missing an update to apache-ssl\nannounced via advisory DSA 188-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 188-1 (apache-ssl)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2001-0131", "CVE-2002-0843", "CVE-2002-0840", "CVE-2002-1233", "CVE-2002-0839"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53737", "id": "OPENVAS:53737", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_188_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 188-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"According to David Wagner, iDEFENSE and the Apache HTTP Server\nProject, several vulnerabilities have been found in the Apache\npackage, a commonly used webserver. Most of the code is shared\nbetween the Apache and Apache-SSL packages, so vulnerabilities are\nshared as well. These vulnerabilities could allow an attacker to\nenact a denial of service against a server or execute a cross\nscripting attack, or steal cookies from other web site users.\nVulnerabilities in the included lecacy programs htdigest, htpasswd and\nApacheBench can be exploited when called via CGI. Additionally the\ninsecure temporary file creation in htdigest and htpasswd can also be\nexploited locally. The Common Vulnerabilities and Exposures (CVE)\nproject identified the following vulnerabilities:\n\n1. CVE-2002-0839: A vulnerability exists on platforms using System V\nshared memory based scoreboards. This vulnerability allows an\nattacker to execute code under the Apache UID to exploit the Apache\nshared memory scoreboard format and send a signal to any process as\nroot or cause a local denial of service attack.\n\n2. CVE-2002-0840: Apache is susceptible to a cross site scripting\nvulnerability in the default 404 page of any web server hosted on a\ndomain that allows wildcard DNS lookups.\n\n3. CVE-2002-0843: There were some possible overflows in the utility\nApacheBench (ab) which could be exploited by a malicious server.\n\n4. CVE-2002-1233: A race condition in the htpasswd and htdigest\nprogram enables a malicious local user to read or even modify the\ncontents of a password file or easily create and overwrite files as\nthe user running the htpasswd (or htdigest respectively) program.\n\n5. CVE-2001-0131: htpasswd and htdigest in Apache 2.0a9, 1.3.14, and\nothers allows local users to overwrite arbitrary files via a\nsymlink attack.\n\nThis is the same vulnerability as CVE-2002-1233, which was fixed in\npotato already but got lost later and was never applied upstream.\n\n5. NO-CAN: Several buffer overflows have been found in the ApacheBench\n(ab) utility that could be exploited by a remote server returning\nvery long strings.\n\nThese problems have been fixed in version 1.3.26.1+1.48-0woody3 for\nthe current stable distribution (woody) and in 1.3.9.13-4.2 for the\nold stable distribution (potato). Corrected packages for the unstable\ndistribution (sid) are expected soon.\n\nWe recommend that you upgrade your Apache-SSL package immediately.\";\ntag_summary = \"The remote host is missing an update to apache-ssl\nannounced via advisory DSA 188-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20188-1\";\n\nif(description)\n{\n script_id(53737);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:24:46 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-0839\", \"CVE-2002-0840\", \"CVE-2002-0843\", \"CVE-2001-0131\", \"CVE-2002-1233\");\n script_bugtraq_id(5847,5884,5887);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 188-1 (apache-ssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"apache-ssl\", ver:\"1.3.9.13-4.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"apache-ssl\", ver:\"1.3.26.1+1.48-0woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}