Vulnerability 17413 - CERT Civis.Net

Vulnerability Name:

CCN-17413

Published:

2004-09-16

Updated:

2004-09-16

Summary:

Apache HTTP Server is vulnerable to a stack-based buffer overflow in the htpasswd.c file, caused by improper bounds checking of the user and passwd variables. A local attacker, within the same permissions assigned to the attacker, could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Other

References:

Source: CCN
Type: BugTraq Mailing List, Fri Oct 29 2004 - 16:53:16 CDT
Re: local buffer overflow in htpasswd for apache 1.3.31 not fixed in .33?

Source: CCN
Type: Full-Disclosure Mailing List, Thu Sep 16 2004 - 11:23:03 CDT
FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advsory.

Source: CCN
Type: Apache HTTP Server Project Web site
Apache HTTPD Project - The Apache HTTPD Server Project

Source: CCN
Type: BID-13777
Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability

Source: CCN
Type: BID-13778
Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability

Source: CCN
Type: USN-133-1
Apache utility vulnerability

Source: XF
Type: UNKNOWN
apache-htpasswd-bo(17413)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:apache:http_server:1.3:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.19:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.26:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.12:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.20:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.23:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.17:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.14:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.11:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.27:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.28:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.29:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.33:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.0:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.32:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.31:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.24:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.22:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.18:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.25:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.10:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.13:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.15:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.16:*:*:*:*:*:*:*

OR cpe:/a:apache:http_server:1.3.30:*:*:*:*:*:*:*

Denotes that component is vulnerable