CVE-2002-1233
Last modified
CVE-2002-1233 is a vulnerability of currently unknown severity. A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.. EPSS estimates a 0.56% chance of exploitation in the next 30 days.
Description
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | 1.3.17 |
| Apache | Http Server | 1.3.18 |
| Apache | Http Server | 1.3.19 |
| Apache | Http Server | 1.3.20 |
| Apache | Http Server | 1.3.22 |
| Apache | Http Server | 1.3.23 |
| Apache | Http Server | 1.3.24 |
| Apache | Http Server | 1.3.25 |
| Apache | Http Server | 1.3.26 |
| Apache | Http Server | 1.3.27 |
References
- http://www.iss.net/security_center/static/10413.phpVendor Advisory
- http://www.iss.net/security_center/static/10413.phpVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2002-1233?
How severe is CVE-2002-1233?
How do I fix CVE-2002-1233?
Are you affected by CVE-2002-1233?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST