JVN/CVE Demo: Cveinfos

CVE

Id: 5617
CVE No.: CVE-2002-1233
Status: Candidate
Description: A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
Phase: Modified (20050529)
Votes: ACCEPT(3) Armstrong, Cole, Green | NOOP(1) Cox
Comments: Cox> Many vendors have included fixes for CVE-2001-0131 in their distributions | of Apache even though this has not been fixed upstream. I still believe | that this is not worthy of a separate CVE name since this is just Debian | forgetting to include their fix for CVE-2001-0131 in one of their versions, | and then correcting it.

Actions

Related CVE References

Id	CVE Id	CVE No.	Reference	Actions
30852	5617	CVE-2002-1233	BUGTRAQ:20021016 Apache 1.3.26	View
30853	5617	CVE-2002-1233	URL:http://marc.info/?l=bugtraq&m=103480856102007&w=2	View
30854	5617	CVE-2002-1233	DEBIAN:DSA-187	View
30855	5617	CVE-2002-1233	URL:http://www.debian.org/security/2002/dsa-187	View
30856	5617	CVE-2002-1233	DEBIAN:DSA-188	View
30857	5617	CVE-2002-1233	URL:http://www.debian.org/security/2002/dsa-188	View
30858	5617	CVE-2002-1233	DEBIAN:DSA-195	View
30859	5617	CVE-2002-1233	URL:http://www.debian.org/security/2002/dsa-195	View
30860	5617	CVE-2002-1233	BID:5981	View
30861	5617	CVE-2002-1233	URL:http://www.securityfocus.com/bid/5981	View
30862	5617	CVE-2002-1233	BID:5990	View
30863	5617	CVE-2002-1233	URL:http://www.securityfocus.com/bid/5990	View
30864	5617	CVE-2002-1233	XF:apache-htpasswd-tmpfile-race(10412)	View
30865	5617	CVE-2002-1233	URL:http://www.iss.net/security_center/static/10412.php	View
30866	5617	CVE-2002-1233	XF:apache-htdigest-tmpfile-race(10413)	View

Related JVN

Id	JVN No.	Title	Summary	CVE No.	CVE Id	CVSS_v2	CVSS_v3	JVN URL	Actions
63924	JVNDB-2002-000251	Apache HTTP Server の Htdigest および Htpasswd における不適切な一時ファイル作成の脆弱性	Apache HTTP Server に含まれている htdigest および htpasswd には、一時ファイルの作成に問題があり、これらのユーティリティにより作成した認証用データファイルに対して、競合状態を利用したシンボリックリンク攻撃を受ける脆弱性が存在します。	CVE-2002-1233	5617	2.6		http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000251.html	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.48 MB
Controller render start	2.26 MB
View render complete	2.68 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	4.12
Event: Controller.initialize	0.02
Event: Controller.startup	0.09
Controller action	379.45
Event: Controller.beforeRender	5.03
» Processing toolbar data	4.95
Rendering View	6.54
» Event: View.beforeRender	0.02
» Rendering APP/View/Cveinfos/view.ctp	5.55
» Event: View.afterRender	0.02
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	0.57
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	0.10
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/cveinfos/view/5617
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/cveinfos/view/5617
Remote Port	9182
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.141.24.158
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http Cookie	advanced-frontend=e52geuskvt2vjual8i442p9uk6
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.141.24.158
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.141.24.158
Unique Id	aB9J_w-DDTVQmnlX1A0P0gAAARQ
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.141.24.158
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.141.24.158
Redirect Unique Id	aB9J_w-DDTVQmnlX1A0P0gAAARQ
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.141.24.158
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.141.24.158
Redirect Redirect Unique Id	aB9J_w-DDTVQmnlX1A0P0gAAARQ
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1746881023.1461
Request Time	1746881023

CVE

Actions

Related CVE References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files