Apache <= 1.3.33 Htpasswd Local Overflow Network Vulnerability

Summary

The remote host appears to be running Apache 1.3.33 or older. There is a local buffer overflow in the 'htpasswd' command in these versions that may allow a local user to gain elevated privileges if 'htpasswd' is run setuid or a remote user to run arbitrary commands remotely if the script is accessible through a CGI. *** Note that OVS solely relied on the version number *** of the remote server to issue this warning. This might *** be a false positive

Solution

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.

References

http://archives.neohapsis.com/archives/bugtraq/2004-10/0345.html

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

OpenSC Security Bypass Vulnerability
Bournal Privilege Escalation Vulnerability
Apache <= 1.3.33 htpasswd local overflow
McAfee VirusScan Enterprise Privilege Escalation Vulnerability (Windows)

Take action and discover your vulnerabilities