Apache <= 1.3.33 htpasswd Local Overflow

Medium Nessus Plugin ID 14771

Synopsis

The remote web server is affected by a buffer overflow vulnerability.

Description

The remote host appears to be running Apache 1.3.33 or older.

There is a local buffer overflow in the 'htpasswd' command in these versions. It may allow a local user to gain elevated privileges if 'htpasswd' is run setuid, or a remote user to run arbitrary commands if the script is accessible through a CGI.

Note that Nessus solely relied on the version number of the remote server to issue this warning. This might be a false positive.

Solution

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.

See Also

http://seclists.org/bugtraq/2004/Oct/356

http://seclists.org/fulldisclosure/2004/Sep/565

Plugin Details

Severity: Medium

ID: 14771

File Name: apache_htpasswd_overflow.nasl

Version: $Revision: 1.22 $

Type: remote

Family: Web Servers

Published: 2004/09/17

Modified: 2018/01/23

Dependencies: 48204

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.1

Temporal Score: 3.2

Vector: CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

CVSSv3

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:apache:http_server

Required KB Items: installed_sw/Apache, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2004/09/16

Reference Information

BID: 13777, 13778

OSVDB: 10068

EDB-ID: 466