Vulnerabilities > CVE-2002-1658 - Buffer Overflow vulnerability in Multiple Apache HTDigest

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

apache

NVD

Published: 2002-12-31

Updated: 2017-07-11

Summary

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Http Server 1.3.1 Apache Http Server 1.3.3 Apache Http Server 1.3.4 Apache Http Server 1.3.6 Apache Http Server 1.3.9 Apache Http Server 1.3.11 Apache Http Server 1.3.12 Apache Http Server 1.3.14 Apache Http Server 1.3.17 Apache Http Server 1.3.18 Apache Http Server 1.3.19 Apache Http Server 1.3.20 Apache Http Server 1.3.22 Apache Http Server 1.3.23 Apache Http Server 1.3.24 Apache Http Server 1.3.25 Apache Http Server 1.3.26 Apache Http Server 1.3.27	18

Summary

Vulnerable Configurations

References