Plugins

分享推荐实用的WordPress插件

WordPress

记录分享WordPress使用经验和技巧

Web前端

分享Web前端设计理念及技术

设计资源

搜刮来的设计资源

Apache htpasswd 和 htdigest 后置链接漏洞

2022-07-18 10:54:49 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Apache htpasswd 和 htdigest 后置链接漏洞

CNNVD编号：CNNVD-200103-014
危害等级：低危
CVE编号： CVE-2001-0131
漏洞类型：后置链接
发布时间： 2001-03-12
威胁类型：本地
更新时间： 2020-10-10
厂商： apache
漏洞来源： on January 10, 2001 via Bugtraq.');">This vulnerability...

漏洞简介

htpasswd和htdigest都是美国阿帕奇（Apache）软件基金会的产品。htpasswd是一款Linux密码生成软件。用来创建和更新用于基本认证的用户认证密码文件。htdigest是Apache的Web服务器内置工具.用于创建和更新储存用户名、域和用于摘要认证的密码文件。

Apache 2.0a9，1.3.14，和其他版本的htpasswd和htdigest存在漏洞。本地用户借助符号链接攻击改写任意文件。

漏洞公告

Upgrades available:

Apache Software Foundation Apache 1.3.9

Debian apache-common_1.3.9-14.3_alpha.deb

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_alpha.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_alpha.deb

Debian apache-common_1.3.9-14.3_arm.deb

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_arm.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_arm.deb

Debian apache-common_1.3.9-14.3_i386.deb

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_i386.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_i386.deb

Debian apache-common_1.3.9-14.3_m68k.deb

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_m68k.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_m68k.deb

Debian apache-common_1.3.9-14.3_powerpc.deb

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_powerpc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_powerpc.deb

Debian apache-common_1.3.9-14.3_sparc.deb

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_sparc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-common_1.
3.9-14.3_sparc.deb

Debian apache-dev_1.3.9-14.3_alpha.deb

http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_alpha.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_alpha.deb

Debian apache-dev_1.3.9-14.3_arm.deb

http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_arm.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_arm.deb

Debian apache-dev_1.3.9-14.3_i386.deb

http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_i386.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_i386.deb

Debian apache-dev_1.3.9-14.3_m68k.deb

http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_m68k.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_m68k.deb

Debian apache-dev_1.3.9-14.3_powerpc.deb

http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_powerpc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_powerpc.deb

Debian apache-dev_1.3.9-14.3_sparc.deb

http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_sparc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9
-14.3_sparc.deb

Debian apache-doc_1.3.9-14.3_all.deb

http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.9-14.3_all.deb">
http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.9
-14.3_all.deb

Debian apache-ssl_1.3.9.13-4.2_alpha.deb

http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_alpha.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_alpha.deb

Debian apache-ssl_1.3.9.13-4.2_arm.deb

http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_arm.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_arm.deb

Debian apache-ssl_1.3.9.13-4.2_i386.deb

http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_i386.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_i386.deb

Debian apache-ssl_1.3.9.13-4.2_m68k.deb

http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_m68k.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_m68k.deb

Debian apache-ssl_1.3.9.13-4.2_powerpc.deb

http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_powerpc.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_powerpc.deb

Debian apache-ssl_1.3.9.13-4.2_sparc.deb

http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_sparc.deb">
http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1
.3.9.13-4.2_sparc.deb

Debian apache_1.3.9-14.3_alpha.deb

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_alpha.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_alpha.deb

Debian apache_1.3.9-14.3_arm.deb

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_arm.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_arm.deb

Debian apache_1.3.9-14.3_i386.deb

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_i386.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_i386.deb

Debian apache_1.3.9-14.3_m68k.deb

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_m68k.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_m68k.deb

Debian apache_1.3.9-14.3_powerpc.deb

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_powerpc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_powerpc.deb

Debian apache_1.3.9-14.3_sparc.deb

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_sparc.deb">
http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.
3_sparc.deb

Wirex Immunix OS 7.0 -Beta

Wirex 7.0 i386 apache-1.3.14-3_StackGuard_5.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3_StackGuard_5.i386.rpm">
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3
_StackGuard_5.i386.rpm

Wirex 7.0 i386 apache-devel-1.3.14-3_StackGuard_5.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1.3.14-3_StackGuard_5.i386.rpm">
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1.
3.14-3_StackGuard_5.i386.rpm

Wirex 7.0 i386 apache-manual-1.3.14-3_StackGuard_5.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1.3.14-3_StackGuard_5.i386.rpm">
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1
.3.14-3_StackGuard_5.i386.rpm

Wirex 7.0 i386 mod_ssl-2.7.1-3_StackGuard_5.i386.rpm

http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3_StackGuard_5.i386.rpm">
http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3
_StackGuard_5.i386.rpm

参考网址

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=97916374410647&w=2

来源:DEBIAN

链接:https://www.debian.org/security/2001/dsa-021

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/5926

来源:BID

链接:https://www.securityfocus.com/bid/2182

受影响实体

Apache Http_server

补丁

暂无

weinxin

特别声明

本站(ZONE.CI)所有文章仅供技术研究，若将其信息做其他用途，由用户承担全部法律及连带责任，本站不承担任何法律及连带责任，请遵守中华人民共和国安全法.

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

咨询加Q：999999999

ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带

ZONE.CI 全球网安全领域涉猎者-乌云独行地带

获取本源码

售前咨询加Q：120433200

站媒体网仿《知更鸟》模板

获取本源码 zmt6.com

评论：0 参与： 0

目录

ZONE.CI 全球网

88888888 QQ在线咨询
ZONE.CI 全球网公众号