Vulnerability Name: CVE-2002-1233 (CCN-10412)
Assigned: 2002-10-16
Published: 2002-10-16
Updated: 2016-10-18
Summary: A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N)
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
  Source: CCN Type: BugTraq Mailing List, Wed Oct 16 2002 - 17:32:26 CDT Apache 1.3.26
  Source: MITRE Type: CNA CVE-2002-1233
  Source: CCN Type: Apache Web site Welcome! - The Apache HTTP Server Project
  Source: BUGTRAQ Type: UNKNOWN 20021016 Apache 1.3.26
  Source: DEBIAN Type: UNKNOWN DSA-187
  Source: DEBIAN Type: UNKNOWN DSA-188
  Source: DEBIAN Type: UNKNOWN DSA-195
  Source: DEBIAN Type: DSA-187 apache -- several vulnerabilities
  Source: DEBIAN Type: DSA-188 apache-ssl -- several vulnerabilities
  Source: DEBIAN Type: DSA-195 apache-perl -- several vulnerabilities
  Source: XF Type: UNKNOWN apache-htpasswd-tmpfile-race(10412)
  Source: XF Type: Vendor Advisory apache-htdigest-tmpfile-race(10413)
  Source: BID Type: UNKNOWN 5981
  Source: CCN Type: BID-5981 Multiple Apache HTDigest and HTPassWD Component Vulnerabilities
  Source: BID Type: UNKNOWN 5990
  Source: CCN Type: BID-5990 Apache HTPasswd Insecure Temporary File Vulnerability

Vulnerability Name: CVE-2002-1233 (CCN-10413)
Assigned: 2002-10-16
Published: 2002-10-16
Updated: 2002-10-16
Summary: Apache HTTP Server is vulnerable to a race condition in main() of support/htdigest.c, caused by insecure handling of temporary files. A local attacker could exploit this vulnerability to launch symlink attacks against the Apache password file, which could then be used to read and modify the contents of htdigest. This could allow an attacker to obtain user credentials and gain unauthorized access to sensitive information.
CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:N)
Vulnerability Consequences: File Manipulation
References:
  Source: CCN Type: BugTraq Mailing List, Wed Oct 16 2002 - 17:32:26 CDT Apache 1.3.26
  Source: MITRE Type: CNA CVE-2002-1233
  Source: CCN Type: Apache Web site Welcome! - The Apache HTTP Server Project
  Source: DEBIAN Type: DSA-187 apache -- several vulnerabilities
  Source: DEBIAN Type: DSA-188 apache-ssl -- several vulnerabilities
  Source: DEBIAN Type: DSA-195 apache-perl -- several vulnerabilities
  Source: CCN Type: BID-5981 Multiple Apache HTDigest and HTPassWD Component Vulnerabilities
  Source: CCN Type: BID-5990 Apache HTPasswd Insecure Temporary File Vulnerability
  Source: CCN Type: BID-5992 Apache HTDigest Insecure Temporary File Vulnerability
  Source: XF Type: UNKNOWN apache-htdigest-tmpfile-race(10413)