Vulnerability Details CVE-2002-1658
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.9%
CVSS Severity
CVSS v2 Score 4.6
References
- http://marc.info/?l=bugtraq&m=103480856102007&w=2
- http://www.securityfocus.com/bid/5993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10414
- https://sardonix.org/audit/apache-45.html
- http://marc.info/?l=bugtraq&m=103480856102007&w=2
- http://www.securityfocus.com/bid/5993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10414
- https://sardonix.org/audit/apache-45.html
Products affected by CVE-2002-1658
-
cpe:2.3:a:apache:http_server:1.3.1
-
cpe:2.3:a:apache:http_server:1.3.11
-
cpe:2.3:a:apache:http_server:1.3.12
-
cpe:2.3:a:apache:http_server:1.3.14
-
cpe:2.3:a:apache:http_server:1.3.17
-
cpe:2.3:a:apache:http_server:1.3.18
-
cpe:2.3:a:apache:http_server:1.3.19
-
cpe:2.3:a:apache:http_server:1.3.20
-
cpe:2.3:a:apache:http_server:1.3.22
-
cpe:2.3:a:apache:http_server:1.3.23
-
cpe:2.3:a:apache:http_server:1.3.24
-
cpe:2.3:a:apache:http_server:1.3.25
-
cpe:2.3:a:apache:http_server:1.3.26
-
cpe:2.3:a:apache:http_server:1.3.27
-
cpe:2.3:a:apache:http_server:1.3.3
-
cpe:2.3:a:apache:http_server:1.3.4
-
cpe:2.3:a:apache:http_server:1.3.6
-
cpe:2.3:a:apache:http_server:1.3.9