Vulnerability Description
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 1.3.17 |
References
- http://marc.info/?l=bugtraq&m=103480856102007&w=2
- http://www.debian.org/security/2002/dsa-187
- http://www.debian.org/security/2002/dsa-188
- http://www.debian.org/security/2002/dsa-195
- http://www.iss.net/security_center/static/10412.php
- http://www.iss.net/security_center/static/10413.phpVendor Advisory
- http://www.securityfocus.com/bid/5981
- http://www.securityfocus.com/bid/5990
- http://marc.info/?l=bugtraq&m=103480856102007&w=2
- http://www.debian.org/security/2002/dsa-187
- http://www.debian.org/security/2002/dsa-188
- http://www.debian.org/security/2002/dsa-195
- http://www.iss.net/security_center/static/10412.php
- http://www.iss.net/security_center/static/10413.phpVendor Advisory
- http://www.securityfocus.com/bid/5981
FAQ
What is CVE-2002-1233?
CVE-2002-1233 is a vulnerability with a CVSS score of 2.6 (LOW). A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or mod...
How severe is CVE-2002-1233?
CVE-2002-1233 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1233?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.