PT-2002-2206 · Apache+1 · Apache+1

Published

2002-10-25

Updated

2016-10-18

CVE-2002-1233

CVSS v2.0

2.6

Low

Vector

AV:L/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: apache-ssl versions 1.3.9 and earlier on Debian 2.2 apache-ssl versions 1.3.26 and earlier on Debian 3.0 Apache versions 1.3.27 and earlier

Description: A regression error in the apache-ssl package allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs htpasswd or htdigest. This issue is a re-introduction of a previously identified vulnerability.

Recommendations: For apache-ssl versions 1.3.9 and earlier on Debian 2.2, update to version 1.3.9 or later. For apache-ssl versions 1.3.26 and earlier on Debian 3.0, update to version 1.3.26 or later. For Apache versions 1.3.27 and earlier, update to a version later than 1.3.27.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1233

DSA-187

DSA-188

DSA-195

Affected Products

Apache

Debian

PT-2002-2206 · Apache+1 · Apache+1

CVE-2002-1233

Related Identifiers

Affected Products

References · 10