Lucene search

PRIOn knowledge basePRION:CVE-2008-0555

HistoryApr 04, 2008 - 12:44 a.m.

Authentication flaw

2008-04-0400:44:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) ‘/’ and (2) ‘=’ characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.

CPENameOperatorVersion
apache-ssleq1.3.34-1.57

CPE	Name	Operator	Version
	apache-ssl	eq	1.3.34-1.57

References

secunia.com/advisories/29644

securityreason.com/securityalert/3797

www.apache-ssl.org/advisory-cve-2008-0555.txt

www.cynops.de/advisories/CVE-2008-0555.txt

www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt

www.securityfocus.com/archive/1/490386/100/0/threaded

www.securityfocus.com/bid/28576

www.securitytracker.com/id?1019784

www.vupen.com/english/advisories/2008/1079/references

exchange.xforce.ibmcloud.com/vulnerabilities/41618

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

Related for PRION:CVE-2008-0555