漏洞信息详情
Apache htpasswd 和 htdigest 后置链接漏洞
- CNNVD编号:CNNVD-200103-014
- 危害等级: 低危
- CVE编号: CVE-2001-0131
- 漏洞类型: 后置链接
- 发布时间: 2001-03-12
- 威胁类型: 本地
- 更新时间: 2020-10-10
- 厂 商: apache
- 漏洞来源: on January 10, 2001 via Bugtraq.');">This vulnerability...
漏洞简介
htpasswd和htdigest都是美国阿帕奇(Apache)软件基金会的产品。htpasswd是一款Linux密码生成软件。用来创建和更新用于基本认证的用户认证密码文件。htdigest是Apache的Web服务器内置工具.用于创建和更新储存用户名、域和用于摘要认证的密码文件。
Apache 2.0a9,1.3.14,和其他版本的htpasswd和htdigest存在漏洞。本地用户借助符号链接攻击改写任意文件。
漏洞公告
Upgrades available:
Apache Software Foundation Apache 1.3.9
Debian apache-common_1.3.9-14.3_alpha.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_alpha.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_alpha.deb
Debian apache-common_1.3.9-14.3_arm.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_arm.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_arm.deb
Debian apache-common_1.3.9-14.3_i386.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_i386.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_i386.deb
Debian apache-common_1.3.9-14.3_m68k.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_m68k.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_m68k.deb
Debian apache-common_1.3.9-14.3_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_powerpc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_powerpc.deb
Debian apache-common_1.3.9-14.3_sparc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_sparc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_sparc.deb
Debian apache-dev_1.3.9-14.3_alpha.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_alpha.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_alpha.deb
Debian apache-dev_1.3.9-14.3_arm.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_arm.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_arm.deb
Debian apache-dev_1.3.9-14.3_i386.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_i386.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_i386.deb
Debian apache-dev_1.3.9-14.3_m68k.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_m68k.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_m68k.deb
Debian apache-dev_1.3.9-14.3_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_powerpc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_powerpc.deb
Debian apache-dev_1.3.9-14.3_sparc.deb
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_sparc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_sparc.deb
Debian apache-doc_1.3.9-14.3_all.deb
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.9-14.3_all.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.9
-14.3_all.deb
Debian apache-ssl_1.3.9.13-4.2_alpha.deb
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_alpha.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_alpha.deb
Debian apache-ssl_1.3.9.13-4.2_arm.deb
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_arm.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_arm.deb
Debian apache-ssl_1.3.9.13-4.2_i386.deb
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_i386.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_i386.deb
Debian apache-ssl_1.3.9.13-4.2_m68k.deb
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_m68k.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_m68k.deb
Debian apache-ssl_1.3.9.13-4.2_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_powerpc.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_powerpc.deb
Debian apache-ssl_1.3.9.13-4.2_sparc.deb
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_sparc.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_sparc.deb
Debian apache_1.3.9-14.3_alpha.deb
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_alpha.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_alpha.deb
Debian apache_1.3.9-14.3_arm.deb
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_arm.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_arm.deb
Debian apache_1.3.9-14.3_i386.deb
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_i386.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_i386.deb
Debian apache_1.3.9-14.3_m68k.deb
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_m68k.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_m68k.deb
Debian apache_1.3.9-14.3_powerpc.deb
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_powerpc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_powerpc.deb
Debian apache_1.3.9-14.3_sparc.deb
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_sparc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_sparc.deb
Wirex Immunix OS 7.0 -Beta
Wirex 7.0 i386 apache-1.3.14-3_StackGuard_5.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3_StackGuard_5.i386.rpm">
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3
_StackGuard_5.i386.rpm
Wirex 7.0 i386 apache-devel-1.3.14-3_StackGuard_5.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1.3.14-3_StackGuard_5.i386.rpm">
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1.
3.14-3_StackGuard_5.i386.rpm
Wirex 7.0 i386 apache-manual-1.3.14-3_StackGuard_5.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1.3.14-3_StackGuard_5.i386.rpm">
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1
.3.14-3_StackGuard_5.i386.rpm
Wirex 7.0 i386 mod_ssl-2.7.1-3_StackGuard_5.i386.rpm
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3_StackGuard_5.i386.rpm">
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3
_StackGuard_5.i386.rpm
参考网址
来源:BUGTRAQ
链接:http://marc.info/?l=bugtraq&m=97916374410647&w=2
来源:DEBIAN
链接:https://www.debian.org/security/2001/dsa-021
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/5926
来源:BID
链接:https://www.securityfocus.com/bid/2182
受影响实体
- Apache Http_server
补丁
暂无
评论