7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.901 High
EPSS
Percentile
98.5%
The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer Security
(TLS) protocols.
A format string issue was discovered in mod_ssl for Apache 1.3 which can be
triggered if mod_ssl is configured to allow a client to proxy to remote SSL
sites. In order to exploit this issue, a user who is authorized to use
Apache as a proxy would have to attempt to connect to a carefully crafted
hostname via SSL. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0700 to this issue.
Users of mod_ssl should upgrade to this updated package, which contains a
backported patch to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | mod_ssl | < 2.8.12-6 | mod_ssl-2.8.12-6.ia64.rpm |
RedHat | any | i386 | mod_ssl | < 2.8.12-6 | mod_ssl-2.8.12-6.i386.rpm |