Описание
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
A flaw was found in Apache httpd. Both htpasswd and htdigest allow local users to overwrite arbitrary files via a symlink attack. The highest threat from this vulnerability is to data integrity.
Отчет
All versions of httpd package shipped with Red Hat Products, uses APR's safe temp file creation and therefore they are not affected by this flaw
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | httpd | Not affected | ||
| Red Hat Enterprise Linux 6 | httpd | Not affected | ||
| Red Hat Enterprise Linux 7 | httpd | Not affected | ||
| Red Hat Enterprise Linux 8 | httpd:2.4/httpd | Not affected | ||
| Red Hat JBoss Core Services | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | httpd | Out of support scope | ||
| Red Hat JBoss Enterprise Web Server 2 | httpd22 | Out of support scope | ||
| Red Hat Software Collections | httpd24-httpd | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
2.9 Low
CVSS3
Связанные уязвимости
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
EPSS
2.9 Low
CVSS3