Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-1233

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.

Published

2002-11-04T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.6 (LOW)

CVSSv2 Vector

AV:L/AC:H/Au:N/C:P/I:P/A:N

Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

1.9

Impact Score

4.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	http_server	1.3.17	Yes
Application	apache	http_server	1.3.17	Yes
Application	apache	http_server	1.3.18	Yes
Application	apache	http_server	1.3.18	Yes
Application	apache	http_server	1.3.19	Yes
Application	apache	http_server	1.3.19	Yes
Application	apache	http_server	1.3.20	Yes
Application	apache	http_server	1.3.20	Yes
Application	apache	http_server	1.3.22	Yes
Application	apache	http_server	1.3.22	Yes
Application	apache	http_server	1.3.23	Yes
Application	apache	http_server	1.3.23	Yes
Application	apache	http_server	1.3.24	Yes
Application	apache	http_server	1.3.24	Yes
Application	apache	http_server	1.3.25	Yes
Application	apache	http_server	1.3.25	Yes
Application	apache	http_server	1.3.26	Yes
Application	apache	http_server	1.3.26	Yes
Application	apache	http_server	1.3.27	Yes

References

http://marc.info/?l=bugtraq&m=103480856102007&w=2 ([email protected])
http://www.debian.org/security/2002/dsa-187 ([email protected])
http://www.debian.org/security/2002/dsa-188 ([email protected])
http://www.debian.org/security/2002/dsa-195 ([email protected])
http://www.iss.net/security_center/static/10412.php ([email protected])
http://www.iss.net/security_center/static/10413.php Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/5981 ([email protected])
http://www.securityfocus.com/bid/5990 ([email protected])
http://marc.info/?l=bugtraq&m=103480856102007&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2002/dsa-187 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2002/dsa-188 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2002/dsa-195 (af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/security_center/static/10412.php (af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/security_center/static/10413.php Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/5981 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/5990 (af854a3a-2127-422b-91ae-364da2661108)