漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apahce HTDigest和HTPasssWD组件多个本地漏洞
Vulnerability Description
Apache是一款免费开放源代码的WEB服务程序。 Apache存在多个漏洞可以导致安全问题,本地攻击者可以利用这些漏洞进行修改Apache密码文件内容等攻击。 1、support/htpasswd.c中存在竞争条件漏洞: main() tempfilename = tmpnam(tname_buf); ftemp = fopen(tempfilename, "w+"); ... copy_file(ftemp, fpw); 当管理员运行htpasswd时攻击者利用这个漏洞可导致任意本地用户可以读取、修改
CVSS Information
N/A
Vulnerability Type
N/A