CVE-2002-1233

A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.

Published: Nov 4, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1233
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:L/AC:H/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apache / http_server	1.3.23	1.3.23.x
apache / http_server	1.3.27	1.3.27.x
apache / http_server	1.3.25	1.3.25.x
apache / http_server	1.3.19	1.3.19.x
apache / http_server	1.3.24	1.3.24.x
apache / http_server	1.3.20	1.3.20.x
apache / http_server	1.3.26	1.3.26.x
apache / http_server	1.3.18	1.3.18.x
apache / http_server	1.3.17	1.3.17.x
apache / http_server	1.3.22	1.3.22.x

Vulnerability Database

290,020

CVE-2002-1233