CVE-2002-1658

Опубликовано: 31 дек. 2002

Источник: nvd

CVSS2: 4.6

EPSS Низкий

Описание

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00202

Низкий

4.6 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2002-1658

debian

почти 23 года назад

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow atta ...

GHSA-8m5j-4pp3-mr7m

github

больше 3 лет назад