Lucene search

[email protected]CVE-2008-0555

HistoryApr 04, 2008 - 12:44 a.m.

CVE-2008-0555

2008-04-0400:44:00

CWE-287

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-0555

apache-ssl

authentication bypass

distinguished name

remote attackers

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON

The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) ‘/’ and (2) ‘=’ characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.

CPENameOperatorVersion
apache-ssl:apache-sslapache-ssleq1.3.34_1.57

CPE	Name	Operator	Version
apache-ssl:apache-ssl	apache-ssl	eq	1.3.34_1.57

References

secunia.com/advisories/29644

securityreason.com/securityalert/3797

www.apache-ssl.org/advisory-cve-2008-0555.txt

www.cynops.de/advisories/CVE-2008-0555.txt

www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt

www.securityfocus.com/archive/1/490386/100/0/threaded

www.securityfocus.com/bid/28576

www.securitytracker.com/id?1019784

www.vupen.com/english/advisories/2008/1079/references

exchange.xforce.ibmcloud.com/vulnerabilities/41618

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.2%

JSON

Related for CVE-2008-0555

nessus1 ubuntucve1 securityvulns2 prion1