httpd-users mailing list archives

From Joshua Slive <>
Subject Re: [users@httpd] Old apache exploit - Security Focus ID 5993
Date Thu, 19 Jun 2003 19:06:05 GMT

On Thu, 19 Jun 2003, Robert Brockway wrote:

> Hi all.  I'm going through some old exploits at the moment (don't ask :)
> and came across this one.
> Security Focus ID 5993 is a Buffer Overflow in HTDigest in apache 1.3.
> According to security focus ( , all
> versions up to _and including_ 1.3.27 are vulnerable.  Now it isn't
> uncommon for SF to get a few details wrong, or to not update the exploit
> when a patch comes out, but I've RTFMed on this and found only the same
> information repeated.

From here:
You can tell that the version with the fix has not yet been released.

But this is really not a very serious problem.  It would only be
exploitable if htdigest were to be called from a cgi script which is
1) rather a difficult thing to accomplish since it calls getpass, and 2)
not advisable for several other reasons.


The official User-To-User support forum of the Apache HTTP Server Project.