7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.2%
The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) ‘/’ and (2) ‘=’ characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
CPE | Name | Operator | Version |
---|---|---|---|
apache-ssl | eq | 1.3.34-1.57 |
secunia.com/advisories/29644
securityreason.com/securityalert/3797
www.apache-ssl.org/advisory-cve-2008-0555.txt
www.cynops.de/advisories/CVE-2008-0555.txt
www.klink.name/security/aklink-sa-2008-005-apache-ssl.txt
www.securityfocus.com/archive/1/490386/100/0/threaded
www.securityfocus.com/bid/28576
www.securitytracker.com/id?1019784
www.vupen.com/english/advisories/2008/1079/references
exchange.xforce.ibmcloud.com/vulnerabilities/41618