CVE-2002-1658: Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Http Server

3 documents, 3 sources

Severity: 4.6 MEDIUM (NVD)
EPSS: 0.2% (top 62.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 31
Latest update: Apr 30

Description

Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

CVSS vector

AV:L/AC:L/C:P/I:P/A:P
Exploitability: 3.9 | Impact: 6.4

Affected Packages (1 package)

NVD: apache/http_server (18 versions)

Vulnerability Details (2)

GHSA
GHSA-8m5j-4pp3-mr7m: Buffer overflow in htdigest in Apache 1 (2022-04-30)
CVEList
CVE-2002-1658: Buffer overflow in htdigest in Apache 1 (2005-04-27)
CVE-2002-1658 — Apache Http Server vulnerability | cvebase