Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

Apache <= 1.3.33 htpasswd local overflow

Severity

Low

Family

Privilege escalation

CVSSv2 Base

2.1

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Solution Type

Mitigation

Created

18 years ago

Modified

5 years ago

Share on Facebook
Share on LinkedIn
Share on Twitter

The remote host appears to be running Apache 1.3.33 or older. There is a local buffer overflow in the 'htpasswd' command in these versions that may allow a local user to gain elevated privileges if 'htpasswd' is run setuid or a remote user to run arbitrary commands remotely if the script is accessible through a CGI.

Solution

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.

References

http://archives.neohapsis.com/archives/bugtraq/2004-10/0345.html

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

Apache <= 1.3.33 htpasswd local overflow

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Solution

Solution

References