Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Web Servers --> Category: infos

Apache <= 1.3.33 htpasswd local overflow Vulnerability Scan

Vulnerability Scan Summary
Checks for Apache <= 1.3.33

Detailed Explanation for this Vulnerability Test

The remote host appears to be running Apache 1.3.33 or older.

There is a local buffer overflow in the 'htpasswd' command in these
versions that may allow a local user to gain elevated rights if
'htpasswd' is run setuid or a remote user to run arbitrary commands
remotely if the script is accessible through a CGI.

*** Note that Nessus solely relied on the version number
*** of the remote server to issue this warning. This might
*** be a false positive

See also :
Solution : Make sure htpasswd does not run setuid and is not accessible
through any CGI scripts.
Threat Level: Medium

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.