Back to search
CVE-2002-1233
Published: Oct 25, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-188
vendor-advisory
x_refsource_DEBIAN
5990
vdb-entry
x_refsource_BID
DSA-187
vendor-advisory
x_refsource_DEBIAN
5981
vdb-entry
x_refsource_BID
DSA-195
vendor-advisory
x_refsource_DEBIAN
apache-htdigest-tmpfile-race(10413)
vdb-entry
x_refsource_XF
20021016 Apache 1.3.26
mailing-list
x_refsource_BUGTRAQ
apache-htpasswd-tmpfile-race(10412)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now