Apache htpasswd 和 htdigest 后置链接漏洞

漏洞信息详情

Apache htpasswd 和 htdigest 后置链接漏洞

• CNNVD编号：CNNVD-200103-014
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2001-0131
  
• 漏洞类型：
  
  
  后置链接
  
• 发布时间：
  
  2001-03-12
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2020-10-10
  
• 厂        商：
  
  apache
• 漏洞来源：
  This vulnerability…

htpasswd和htdigest都是美国阿帕奇（Apache）软件基金会的产品。htpasswd是一款Linux密码生成软件。用来创建和更新用于基本认证的用户认证密码文件。htdigest是Apache的Web服务器内置工具.用于创建和更新储存用户名、域和用于摘要认证的密码文件。

Apache 2.0a9，1.3.14，和其他版本的htpasswd和htdigest存在漏洞。本地用户借助符号链接攻击改写任意文件。

Upgrades available:

Apache Software Foundation Apache 1.3.9

• Debian apache-common_1.3.9-14.3_alpha.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_alpha.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.

  
  3.9-14.3_alpha.deb

• Debian apache-common_1.3.9-14.3_arm.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_arm.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.

  
  3.9-14.3_arm.deb

• Debian apache-common_1.3.9-14.3_i386.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_i386.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.

  
  3.9-14.3_i386.deb

• Debian apache-common_1.3.9-14.3_m68k.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_m68k.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.

  
  3.9-14.3_m68k.deb

• Debian apache-common_1.3.9-14.3_powerpc.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_powerpc.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.

  
  3.9-14.3_powerpc.deb

• Debian apache-common_1.3.9-14.3_sparc.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.9-14.3_sparc.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-common_1.

  
  3.9-14.3_sparc.deb

• Debian apache-dev_1.3.9-14.3_alpha.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_alpha.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9

  
  -14.3_alpha.deb

• Debian apache-dev_1.3.9-14.3_arm.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_arm.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9

  
  -14.3_arm.deb

• Debian apache-dev_1.3.9-14.3_i386.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_i386.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9

  
  -14.3_i386.deb

• Debian apache-dev_1.3.9-14.3_m68k.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_m68k.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9

  
  -14.3_m68k.deb

• Debian apache-dev_1.3.9-14.3_powerpc.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_powerpc.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9

  
  -14.3_powerpc.deb

• Debian apache-dev_1.3.9-14.3_sparc.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9-14.3_sparc.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.9

  
  -14.3_sparc.deb

• Debian apache-doc_1.3.9-14.3_all.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.9-14.3_all.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.9

  
  -14.3_all.deb

• Debian apache-ssl_1.3.9.13-4.2_alpha.deb

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_alpha.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1

  
  .3.9.13-4.2_alpha.deb

• Debian apache-ssl_1.3.9.13-4.2_arm.deb

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_arm.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1

  
  .3.9.13-4.2_arm.deb

• Debian apache-ssl_1.3.9.13-4.2_i386.deb

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_i386.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1

  
  .3.9.13-4.2_i386.deb

• Debian apache-ssl_1.3.9.13-4.2_m68k.deb

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_m68k.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1

  
  .3.9.13-4.2_m68k.deb

• Debian apache-ssl_1.3.9.13-4.2_powerpc.deb

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_powerpc.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1

  
  .3.9.13-4.2_powerpc.deb

• Debian apache-ssl_1.3.9.13-4.2_sparc.deb

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1.3.9.13-4.2_sparc.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache-ssl/apache-ssl_1

  
  .3.9.13-4.2_sparc.deb

• Debian apache_1.3.9-14.3_alpha.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_alpha.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.

  
  3_alpha.deb

• Debian apache_1.3.9-14.3_arm.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_arm.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.

  
  3_arm.deb

• Debian apache_1.3.9-14.3_i386.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_i386.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.

  
  3_i386.deb

• Debian apache_1.3.9-14.3_m68k.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_m68k.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.

  
  3_m68k.deb

• Debian apache_1.3.9-14.3_powerpc.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_powerpc.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.

  
  3_powerpc.deb

• Debian apache_1.3.9-14.3_sparc.deb

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.3_sparc.deb“>

  
  http://security.debian.org/pool/updates/main/a/apache/apache_1.3.9-14.

  
  3_sparc.deb

Wirex Immunix OS 7.0 -Beta

• Wirex 7.0 i386 apache-1.3.14-3_StackGuard_5.i386.rpm

  
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3_StackGuard_5.i386.rpm“>

  
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-1.3.14-3

  
  _StackGuard_5.i386.rpm

• Wirex 7.0 i386 apache-devel-1.3.14-3_StackGuard_5.i386.rpm

  
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1.3.14-3_StackGuard_5.i386.rpm“>

  
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-devel-1.

  
  3.14-3_StackGuard_5.i386.rpm

• Wirex 7.0 i386 apache-manual-1.3.14-3_StackGuard_5.i386.rpm

  
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1.3.14-3_StackGuard_5.i386.rpm“>

  
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/apache-manual-1

  
  .3.14-3_StackGuard_5.i386.rpm

• Wirex 7.0 i386 mod_ssl-2.7.1-3_StackGuard_5.i386.rpm

  
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3_StackGuard_5.i386.rpm“>

  
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/mod_ssl-2.7.1-3

  
  _StackGuard_5.i386.rpm

来源:BUGTRAQ

链接:http://marc.info/?l=bugtraq&m=97916374410647&w=2

来源:DEBIAN

链接:https://www.debian.org/security/2001/dsa-021

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/5926

来源:BID

链接:https://www.securityfocus.com/bid/2182