CVE-2001-0131Link Following in Apache Http Server

CWE-59Link Following5 documents5 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 69.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Http ServerDebian Linux
Timeline
PublishedMar 12
Latest updateApr 30

Description

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages1 packages

NVDapache/http_server1.3.14, 2.0+1

Also affects: Debian Linux 2.2

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-36m7-hm82-xm8q: htpasswd and htdigest in Apache 22022-04-30
CVEList
CVE-2001-0131: htpasswd and htdigest in Apache 22001-02-14

📋Vendor Advisories

1
Red Hat
httpd: allows local users to overwrite arbitrary files via a symlink attack2001-01-10

💬Community

1
Bugzilla
CVE-2001-0131 httpd: allows local users to overwrite arbitrary files via a symlink attack2020-10-09
CVE-2001-0131 — Link Following in Apache Http Server | cvebase