Description

This alert was generated using only banner information. It may be a false positive.

A buffer overflow vulnerability exists in the htpasswd utility included with Apache. The vulnerability is due to improper bounds checking when copying user-supplied 'user' data into local buffers.

Affected Apache versions (up to 1.3.33).

Remediation

Make sure htpasswd does not run setuid and is not accessible through any CGI scripts.

References

BID 13777

BID 13778

FlowSecurity.org: Local Stack Overflow on htpasswd apache 1.3.31 advisory

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2011-4354)

WordPress Plugin Login as User or Customer Security Bypass (1.7)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.6.6)

WordPress Plugin Import any XML or CSV File to WordPress Multiple Vulnerabilities (3.2.4)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (3.7.0.0)

Severity

Low

Classification

CVE-2006-1078 CWE-119 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Buffer Overflow