CVE-2002-1658

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Published: Dec 31, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-1658
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apache / http_server	1.3.23	1.3.23.x
apache / http_server	1.3.27	1.3.27.x
apache / http_server	1.3.1	1.3.1.x
apache / http_server	1.3.25	1.3.25.x
apache / http_server	1.3.19	1.3.19.x
apache / http_server	1.3.24	1.3.24.x
apache / http_server	1.3.20	1.3.20.x
apache / http_server	1.3.6	1.3.6.x
apache / http_server	1.3.4	1.3.4.x
apache / http_server	1.3.18	1.3.18.x
apache / http_server	1.3.12	1.3.12.x
apache / http_server	1.3.3	1.3.3.x
apache / http_server	1.3.17	1.3.17.x
apache / http_server	1.3.26	1.3.26.x
apache / http_server	1.3.9	1.3.9.x
apache / http_server	1.3.14	1.3.14.x
apache / http_server	1.3.22	1.3.22.x
apache / http_server	1.3.11	1.3.11.x

Vulnerability Database

290,020

CVE-2002-1658