CVE-2002-1658
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
31/12/2002
Last modified:
20/11/2024
Description
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
Impact
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:* | ||
| cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=103480856102007&w=2
- http://www.securityfocus.com/bid/5993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10414
- https://sardonix.org/audit/apache-45.html
- http://marc.info/?l=bugtraq&m=103480856102007&w=2
- http://www.securityfocus.com/bid/5993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10414
- https://sardonix.org/audit/apache-45.html