htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/2182 | Third Party Advisory VDB Entry |
http://www.debian.org/security/2001/dsa-021 | Patch Third Party Advisory |
http://marc.info/?l=bugtraq&m=97916374410647&w=2 | Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/5926 | Third Party Advisory VDB Entry |
Information
Published : 2001-03-11 21:00
Updated : 2020-10-09 10:52
NVD link : CVE-2001-0131
Mitre link : CVE-2001-0131
JSON object : View
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
Products Affected
debian
- debian_linux
apache
- http_server