Moderate

CVE-2002-1658 - Unspecified vulnerability in Apache HTTP Server

Publication: 2002-12-31
Summary

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

Risk level (CVSS 4.6)

Moderate

4.6

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Apache Http Server 1.3.1
  • Apache Http Server 1.3.3
  • Apache Http Server 1.3.4
  • Apache Http Server 1.3.6
  • Apache Http Server 1.3.9
  • Apache Http Server 1.3.11
  • Apache Http Server 1.3.12
  • Apache Http Server 1.3.14
  • Apache Http Server 1.3.17
  • Apache Http Server 1.3.18
  • Apache Http Server 1.3.19
  • Apache Http Server 1.3.20
  • Apache Http Server 1.3.22
  • Apache Http Server 1.3.23
  • Apache Http Server 1.3.24
  • Apache Http Server 1.3.25
  • Apache Http Server 1.3.26
  • Apache Http Server 1.3.27