Vulnerability Details : CVE-2002-1233
A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
Threat overview for CVE-2002-1233
Top countries where our scanners detected CVE-2002-1233
Top open port discovered on systems with this issue
80
IPs affected by CVE-2002-1233 10,534
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2002-1233!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2002-1233
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-1233
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
2.6
|
LOW | AV:L/AC:H/Au:N/C:P/I:P/A:N |
1.9
|
4.9
|
NIST |
References for CVE-2002-1233
-
http://www.securityfocus.com/bid/5981
- http://www.debian.org/security/2002/dsa-187
-
http://www.iss.net/security_center/static/10413.php
Vendor Advisory
-
http://www.securityfocus.com/bid/5990
-
http://www.iss.net/security_center/static/10412.php
- http://marc.info/?l=bugtraq&m=103480856102007&w=2
- http://www.debian.org/security/2002/dsa-188
- http://www.debian.org/security/2002/dsa-195
Products affected by CVE-2002-1233
- cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.20:*:win32:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.25:*:win32:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.24:*:win32:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.22:*:win32:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.26:*:win32:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.23:*:win32:*:*:*:*:*
- cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*