apache -- Certificate Revocation List (CRL) off-by-one vulnerability

ID E936D612-253F-11DA-BC01-000E0C2E438A
Type freebsd
Reporter FreeBSD
Modified 2005-07-12T00:00:00


Marc Stern reports an off-by-one vulnerability within mod_ssl. The vulnerability lies in mod_ssl's Certificate Revocation List (CRL). If Apache is configured to use a CRL, this could allow an attacker to crash a child process, causing a Denial of Service.