Lucene search

K
httpdApache Team FoundationHTTPD:82233F2FAA2B900100C6A8EE7D5D6012
HistoryApr 30, 2003 - 12:00 a.m.

Apache Httpd < 2.0.47 : mod_ssl renegotiation issue

2003-04-3000:00:00
Apache Team Foundation
httpd.apache.org
13

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS

0.012

Percentile

85.0%

A bug in the optional renegotiation code in mod_ssl included with Apache httpd can cause cipher suite restrictions to be ignored. This is triggered if optional renegotiation is used (SSLOptions +OptRenegotiate) along with verification of client certificates and a change to the cipher suite over the renegotiation.

Affected configurations

Vulners
Node
apacheapache_httpdMatch2.0.46
OR
apacheapache_httpdMatch2.0.45
OR
apacheapache_httpdMatch2.0.44
OR
apacheapache_httpdMatch2.0.43
OR
apacheapache_httpdMatch2.0.42
OR
apacheapache_httpdMatch2.0.40
OR
apacheapache_httpdMatch2.0.39
OR
apacheapache_httpdMatch2.0.37
OR
apacheapache_httpdMatch2.0.36
OR
apacheapache_httpdMatch2.0.35
VendorProductVersionCPE
apacheapache_httpd2.0.46cpe:2.3:a:apache:apache_httpd:2.0.46:*:*:*:*:*:*:*
apacheapache_httpd2.0.45cpe:2.3:a:apache:apache_httpd:2.0.45:*:*:*:*:*:*:*
apacheapache_httpd2.0.44cpe:2.3:a:apache:apache_httpd:2.0.44:*:*:*:*:*:*:*
apacheapache_httpd2.0.43cpe:2.3:a:apache:apache_httpd:2.0.43:*:*:*:*:*:*:*
apacheapache_httpd2.0.42cpe:2.3:a:apache:apache_httpd:2.0.42:*:*:*:*:*:*:*
apacheapache_httpd2.0.40cpe:2.3:a:apache:apache_httpd:2.0.40:*:*:*:*:*:*:*
apacheapache_httpd2.0.39cpe:2.3:a:apache:apache_httpd:2.0.39:*:*:*:*:*:*:*
apacheapache_httpd2.0.37cpe:2.3:a:apache:apache_httpd:2.0.37:*:*:*:*:*:*:*
apacheapache_httpd2.0.36cpe:2.3:a:apache:apache_httpd:2.0.36:*:*:*:*:*:*:*
apacheapache_httpd2.0.35cpe:2.3:a:apache:apache_httpd:2.0.35:*:*:*:*:*:*:*

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

EPSS

0.012

Percentile

85.0%

Related for HTTPD:82233F2FAA2B900100C6A8EE7D5D6012