CVE-2002-1233

2002-11-0405:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-1233

debian

apache-ssl

symlink attack

temporary files

nvd

security vulnerability

5.9 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

9.4%

JSON

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.

CPENameOperatorVersion
apache:http_serverapache http servereq1.3.23
apache:http_serverapache http servereq1.3.27
apache:http_serverapache http servereq1.3.25
apache:http_serverapache http servereq1.3.19
apache:http_serverapache http servereq1.3.24
apache:http_serverapache http servereq1.3.20
apache:http_serverapache http servereq1.3.26
apache:http_serverapache http servereq1.3.18
apache:http_serverapache http servereq1.3.17
apache:http_serverapache http servereq1.3.22

CPE	Name	Operator	Version
apache:http_server	apache http server	eq	1.3.23
apache:http_server	apache http server	eq	1.3.27
apache:http_server	apache http server	eq	1.3.25
apache:http_server	apache http server	eq	1.3.19
apache:http_server	apache http server	eq	1.3.24
apache:http_server	apache http server	eq	1.3.20
apache:http_server	apache http server	eq	1.3.26
apache:http_server	apache http server	eq	1.3.18
apache:http_server	apache http server	eq	1.3.17
apache:http_server	apache http server	eq	1.3.22