Lucene search

K
ubuntuUbuntuUSN-120-1
HistoryMay 06, 2005 - 12:00 a.m.

Apache 2 vulnerability

2005-05-0600:00:00
ubuntu.com
34

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.004

Percentile

73.7%

Releases

  • Ubuntu 5.04
  • Ubuntu 4.10

Details

Luca Ercoli discovered that the “htdigest” program did not perform any
bounds checking when it copied the “user” and “realm” arguments into
local buffers. If this program is used in remotely callable CGI
scripts, this could be exploited by a remote attacker to execute
arbitrary code with the privileges of the CGI script.

OSVersionArchitecturePackageVersionFilename
Ubuntu5.04noarchapache2-utils< *UNKNOWN
Ubuntu4.10noarchapache2-utils< *UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.004

Percentile

73.7%