htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=97916374410647&w=2 | Third Party Advisory |
http://www.debian.org/security/2001/dsa-021 | Patch Third Party Advisory |
http://www.securityfocus.com/bid/2182 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/5926 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2001-03-12 05:00
Updated : 2024-02-04 16:31
NVD link : CVE-2001-0131
Mitre link : CVE-2001-0131
CVE.ORG link : CVE-2001-0131
JSON object : View
Products Affected
debian
- debian_linux
apache
- http_server
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')