Lucene search

[email protected]NVD:CVE-2004-0885

HistoryNov 03, 2004 - 5:00 a.m.

CVE-2004-0885

2004-11-0305:00:00

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.4%

JSON

The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the “SSLCipherSuite” directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.

Affected configurations

NVD

Node

apachehttp_serverMatch2.0.35

apachehttp_serverMatch2.0.36

apachehttp_serverMatch2.0.37

apachehttp_serverMatch2.0.38

apachehttp_serverMatch2.0.39

apachehttp_serverMatch2.0.40

apachehttp_serverMatch2.0.41

apachehttp_serverMatch2.0.42

apachehttp_serverMatch2.0.43

apachehttp_serverMatch2.0.44

apachehttp_serverMatch2.0.45

apachehttp_serverMatch2.0.46

apachehttp_serverMatch2.0.47

apachehttp_serverMatch2.0.48

apachehttp_serverMatch2.0.49

apachehttp_serverMatch2.0.50

apachehttp_serverMatch2.0.51

apachehttp_serverMatch2.0.52

References

issues.apache.org/bugzilla/show_bug.cgi?id=31505

lists.apple.com/archives/security-announce/2005//Aug/msg00001.html

lists.apple.com/archives/security-announce/2005/Aug/msg00000.html

marc.info/?l=bugtraq&m=109786159119069&w=2

secunia.com/advisories/19072

sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1

support.avaya.com/elmodocs2/security/ASA-2006-081.htm

www.apacheweek.com/features/security-20

www.redhat.com/support/errata/RHSA-2004-562.html

www.redhat.com/support/errata/RHSA-2004-600.html

www.redhat.com/support/errata/RHSA-2005-816.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/bid/11360

www.ubuntu.com/usn/usn-177-1

www.vupen.com/english/advisories/2006/0789

www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123

exchange.xforce.ibmcloud.com/vulnerabilities/17671

lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.4%

JSON

Related for NVD:CVE-2004-0885

nessus16 httpd1 openvas12 cve1 freebsd1 ubuntucve1 debiancve1 gentoo1 cvelist1 slackware1 altlinux3 redhat4 suse2 ubuntu1