FreeBSD18974C8A-1FBD-11D9-814E-0001020EED82apache13-modssl -- format string vulnerability in proxy support
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.901 High
EPSS
Percentile
98.8%
A OpenPKG Security Advisory reports:
Triggered by a report to Packet Storm from Virulent, a
format string vulnerability was found in mod_ssl, the
Apache SSL/TLS interface to OpenSSL, version (up to and
including) 2.8.18 for Apache 1.3. The mod_ssl in Apache
2.x is not affected. The vulnerability could be
exploitable if Apache is used as a proxy for HTTPS URLs
and the attacker established a own specially prepared DNS
and origin server environment.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | apache+mod_ssl | < 1.3.31+2.8.19 | UNKNOWN |
| FreeBSD | any | noarch | apache+mod_ssl+ipv6 | < 1.3.31+2.8.19 | UNKNOWN |
| FreeBSD | any | noarch | ru-apache+mod_ssl | < 1.3.31+30.20+2.8.19 | UNKNOWN |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.901 High
EPSS
Percentile
98.8%