Description

This alert was generated using only banner information. It may be a false positive.

A buffer overflow vulnerability exists in the htpasswd utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied 'user' data into local buffers.

Affected Apache versions (up to 1.3.33).

Remediation

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.

References

BID 13777

BID 13778

FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advisory

Related Vulnerabilities

Oracle Database Server CVE-2011-0835 Vulnerability (CVE-2011-0835)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-35525)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3240)

WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.3.1)

MediaWiki Improper Privilege Management Vulnerability (CVE-2021-44857)

Severity

Low

Classification

CVE-2006-1078 CWE-119 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Buffer Overflow