CVE-ID

CVE-2001-0131

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20010206 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20010430-01)
Votes (Legacy)
ACCEPT(2) Baker, Cole
MODIFY(1) Frech
NOOP(3) Christey, Magdych, Wall
Comments (Legacy)
 Frech> XF:linux-apache-symlink(5926)
 Christey> XF:linux-apache-symlink
   URL:http://xforce.iss.net/static/5926.php
 Christey> http://archives.neohapsis.com/archives/vendor/2001-q1/0019.html
 Christey> This item may have been re-introduced into the Apache source
   code sometime during 2002; CVE-2002-1233 has been created for
   that version, which affects Apache 1.3.27 and other versions.
 Christey> As a further clarification, CVE-2002-1233 is *only* for the
   Debian-specific regression error.
 Christey> DEBIAN:DSA-195
   URL:http://www.debian.org/security/2002/dsa-195

Proposed (Legacy)
20010214
This is an entry on the CVE list, which standardizes names for security problems.