Apache <= 1.3.33 htpasswd Local Overflow

medium Nessus Plugin ID 14771

Synopsis

The remote web server is affected by a buffer overflow vulnerability.

Description

The remote host appears to be running Apache 1.3.33 or older.

There is a local buffer overflow in the 'htpasswd' command in these versions. It may allow a local user to gain elevated privileges if 'htpasswd' is run setuid, or a remote user to run arbitrary commands if the script is accessible through a CGI.

Note that Nessus solely relied on the version number of the remote server to issue this warning. This might be a false positive.

Solution

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.
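Because the plugin reports on the version number alone, the two conditions in the Solution can be confirmed on the host itself. The following is an added example, not part of the Nessus plugin: the function name `audit_htpasswd`, its output labels and the paths in the usage comment are assumptions, and `grep -r` assumes GNU or BSD grep.

```shell
#!/bin/sh
# Added example (not from the plugin): local check for the two conditions
# the Solution names, a setuid/setgid htpasswd and exposure through CGI.
#
# Usage: audit_htpasswd SEARCH_ROOT [CGI_DIR ...]
#   e.g. audit_htpasswd /usr /usr/lib/cgi-bin /var/www/cgi-bin
#   (those paths are assumptions; use the ones your install actually has)
# Prints one finding per line and returns 1 if anything was found, else 0.
audit_htpasswd() {
    root=$1
    shift
    out=$(
        # Condition 1: an htpasswd binary carrying the setuid or setgid bit.
        find "$root" -type f -name htpasswd \
            \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
            sed 's/^/SETID /'

        for d in "$@"; do
            [ -d "$d" ] || continue
            # Condition 2a: the binary itself sits inside a CGI directory.
            find "$d" -type f -name htpasswd 2>/dev/null |
                sed 's/^/IN_CGI_DIR /'
            # Condition 2b: a CGI script mentions htpasswd. This also matches
            # references to a .htpasswd file, so treat hits as items to
            # review by hand, not as confirmed exposure.
            grep -rlw -- htpasswd "$d" 2>/dev/null |
                sed 's/^/CGI_REFERENCE /'
        done
    )
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}
```

A `SETID` line is cleared with `chmod u-s,g-s` on the reported file; `IN_CGI_DIR` and `CGI_REFERENCE` lines need a look at how the script passes user input to `htpasswd`.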

See Also

https://seclists.org/bugtraq/2004/Oct/356

https://seclists.org/fulldisclosure/2004/Sep/565

Plugin Details

Severity: Medium

ID: 14771

File Name: apache_htpasswd_overflow.nasl

Version: 1.25

Type: remote

Family: Web Servers

Published: 9/17/2004

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.1

Temporal Score: 3.2

Vector: CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: Settings/ParanoidReport, installed_sw/Apache

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/16/2004

Reference Information

BID: 13777, 13778