Description

This alert was generated using only banner information. It may be a false positive.

A buffer overflow vulnerability exists in the htpasswd utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied 'user' data into local buffers.

Affected Apache versions (up to 1.3.33).

Remediation

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.

References

BID 13777

BID 13778

FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advisory

Related Vulnerabilities

WordPress Plugin BuddyPress Multiple Security Bypass Vulnerabilities (7.2.1)

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.11)

WordPress 4.4.x Cross-Domain Flash Injection Vulnerability (4.4 - 4.4.13)

GlassFish CVE-2017-3249 Vulnerability (CVE-2017-3249)

MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7566)

Severity

Low

Classification

CVE-2006-1078 CWE-119 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Buffer Overflow