Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache version up to 1.3.33 htpasswd local overflow - Vulnerability Database

Apache version up to 1.3.33 htpasswd local overflow

Description

This alert was generated using only banner information. It may be a false positive.

A buffer overflow vulnerability exists in the htpasswd utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied 'user' data into local buffers.

Affected Apache versions (up to 1.3.33).

Remediation

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.

References

BID 13777
BID 13778
FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advisory

Related Vulnerabilities

PHP POST file upload buffer overflow vulnerabilities High
Common tags: Missing Update Buffer Overflow
PHP HTML entity encoder heap overflow vulnerability High
Common tags: Missing Update Buffer Overflow
PHP4 IMAP module buffer overflow vulnerability Medium
Common tags: Missing Update Buffer Overflow
Nginx buffer underflow vulnerability High
Common tags: Missing Update Buffer Overflow
Apache mod_rewrite off-by-one buffer overflow vulnerability High
Common tags: Missing Update Buffer Overflow

Severity

Low

Classification

CVE-2006-1078
CWE-119
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update
Buffer Overflow