Apache version up to 1.3.33 htpasswd local overflow

Description

This alert was generated using only banner information. It may be a false positive.

A buffer overflow vulnerability exists in the htpasswd utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied 'user' data into local buffers.

Affected Apache versions (up to 1.3.33).

Remediation

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.

References
Severity
Classification
Tags
  • Missing Update