CVE-2002-1233
First published: Fri Oct 25 2002(Updated: )
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | =1.3.23 | |
| Apache Http Server | =1.3.23 | |
| Apache Http Server | =1.3.27 | |
| Apache Http Server | =1.3.25 | |
| Apache Http Server | =1.3.25 | |
| Apache Http Server | =1.3.19 | |
| Apache Http Server | =1.3.24 | |
| Apache Http Server | =1.3.20 | |
| Apache Http Server | =1.3.26 | |
| Apache Http Server | =1.3.18 | |
| Apache Http Server | =1.3.18 | |
| Apache Http Server | =1.3.17 | |
| Apache Http Server | =1.3.26 | |
| Apache Http Server | =1.3.22 | |
| Apache Http Server | =1.3.20 | |
| Apache Http Server | =1.3.17 | |
| Apache Http Server | =1.3.22 | |
| Apache Http Server | =1.3.24 | |
| Apache Http Server | =1.3.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.iss.net/security_center/static/10413.php
- http://www.debian.org/security/2002/dsa-187
- http://www.debian.org/security/2002/dsa-188
- http://www.debian.org/security/2002/dsa-195
- http://www.securityfocus.com/bid/5981
- http://www.securityfocus.com/bid/5990
- http://www.iss.net/security_center/static/10412.php
- http://marc.info/?l=bugtraq&m=103480856102007&w=2
Frequently Asked Questions
What is the severity of CVE-2002-1233?
CVE-2002-1233 is classified as a moderate-severity vulnerability as it allows local users to manipulate Apache password files.
How do I fix CVE-2002-1233?
To fix CVE-2002-1233, upgrade the Apache-SSL package to version 1.3.9 for Debian 2.2 or 1.3.26 for Debian 3.0 or later.
Who is affected by CVE-2002-1233?
CVE-2002-1233 affects local users of Debian distributions running specific versions of Apache HTTP Server.
What types of attacks does CVE-2002-1233 allow?
CVE-2002-1233 allows local users to perform a symlink attack on temporary files, potentially gaining access to sensitive password files.
Is CVE-2002-1233 related to any specific versions of Apache?
Yes, CVE-2002-1233 specifically affects Apache versions 1.3.27 and earlier on Debian distributions.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/apache
- canonical/apache http server
- version/apache http server/1.3.23
- version/apache http server/1.3.27
- version/apache http server/1.3.25
- version/apache http server/1.3.19
- version/apache http server/1.3.24
- version/apache http server/1.3.20
- version/apache http server/1.3.26
- version/apache http server/1.3.18
- version/apache http server/1.3.17
- version/apache http server/1.3.22