Description

This alert was generated using only banner information. It may be a false positive.

A buffer overflow vulnerability exists in the htpasswd utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied 'user' data into local buffers.

Affected Apache versions (up to 1.3.33).

Remediation

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.

References

BID 13777

BID 13778

FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advisory

Related Vulnerabilities

MySQL Numeric Errors Vulnerability (CVE-2006-3486)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6112)

Dolibarr Incorrect Default Permissions Vulnerability (CVE-2022-40871)

WordPress Plugin wpDataTables-WordPress Tables & Table Charts Premium SQL Injection (3.4)

Joomla! Core 3.x.x Remote File Inclusion (3.0.0 - 3.2.5)

Severity

Low

Classification

CVE-2006-1078 CWE-119 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Buffer Overflow