CVE-2002-1233 — Vulnetix

Try Vulnetix Request Demo

CVE-2002-1233 PUBLISHED CVSS 2.5999999046325684 LOW

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.

EPSS 0.13% · 32.5th percentile

Risk Scores

CVSS v2.0

2.5999999046325684

EPSS Score

0.13%

32.5th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
apache	http_server	1.3.17, 1.3.18, 1.3.18

Timeline

Oct 25, 2002 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Apr 30, 2022 CVE Updated
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

DSA-188 vendor-advisory
5990 vdb
DSA-187 vendor-advisory
5981 vdb
DSA-195 vendor-advisory
apache-htdigest-tmpfile-race(10413) vdb
20021016 Apache 1.3.26 mailing-list
apache-htpasswd-tmpfile-race(10412) vdb
https://nvd.nist.gov/vuln/detail/CVE-2002-1233 advisory

Open in Interactive Console →