First published: Fri Oct 25 2002(Updated: )
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache HTTP server | =1.3.23 | |
Apache HTTP server | =1.3.23 | |
Apache HTTP server | =1.3.27 | |
Apache HTTP server | =1.3.25 | |
Apache HTTP server | =1.3.25 | |
Apache HTTP server | =1.3.19 | |
Apache HTTP server | =1.3.24 | |
Apache HTTP server | =1.3.20 | |
Apache HTTP server | =1.3.26 | |
Apache HTTP server | =1.3.18 | |
Apache HTTP server | =1.3.18 | |
Apache HTTP server | =1.3.17 | |
Apache HTTP server | =1.3.26 | |
Apache HTTP server | =1.3.22 | |
Apache HTTP server | =1.3.20 | |
Apache HTTP server | =1.3.17 | |
Apache HTTP server | =1.3.22 | |
Apache HTTP server | =1.3.24 | |
Apache HTTP server | =1.3.19 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.