VDB
CVE-2002-1233
CVE-2002-1233
PUBLISHED
CVSS 2.5999999046325684 LOW
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
EPSS 0.13% · 32.1th percentile
Risk Scores
CVSS 2.0
2.5999999046325684
EPSS Score
0.13%
32.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| apache | http_server | 1.3.17, 1.3.18, 1.3.18 |
Timeline
- Oct 25, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- DSA-188 vendor-advisory
- 5990 vdb
- DSA-187 vendor-advisory
- 5981 vdb
- DSA-195 vendor-advisory
- apache-htdigest-tmpfile-race(10413) vdb
- 20021016 Apache 1.3.26 mailing-list
- apache-htpasswd-tmpfile-race(10412) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2002-1233 advisory